Hi,
Using drive 0, partition 3.
Loading...
probing: pc0 apm mem[635K 3573M 16K a20=on]
disk: hd0+
OpenBSD/i386 BOOT 3.01
boot machine memory
Region 0: type 1 at 0x1000 for 635KB
Region 1: type 2 at 0x9fc00 for 1KB
Region 2: type 2 at 0xe for 128KB
Region 3: type 1 at 0x10 for 3659244KB
On Wed, Jan 09, 2008 at 11:03:29PM +0200, Nikns Siankin wrote:
# Secure By Default.
OpenBSD uses broken WEP for securing WiFi networks.
Has no WPA/WPA2 support.
Where is your wpa code for OpenBSD ?
On Thu, Jan 10, 2008 at 06:09:24PM -0700, Darrin Chandler wrote:
On Thu, Jan 10, 2008 at 04:49:42PM -0800, Unix Fan wrote:
Darrin Chandler wrote:
Ted Unangst wrote:
what bs are you using?
Try to be more polite, please.
He wasn't being rude, bs the block size option for the dd
On Thu, Jan 10, 2008 at 03:03:02PM +0200, Nikns Siankin wrote:
On Thu, Jan 10, 2008 at 12:43:48PM +, Edd Barrett wrote:
Hello,
A lot of this is down to manpower or lack thereof. You can make it
better if you put some effort in. Failing that, If it's so bad, then
why don't you use
Kevin Wilcox wrote:
In sshd_config:
==
AllowUsers [EMAIL PROTECTED]
To make it more manageable, the AllowGroups might be better. That way
you only have to manage groups with SSH.
-Lars
On 1/10/08, Ken [EMAIL PROTECTED] wrote:
snip
I never see anything like that, since my pf rules only allow me to ssh back
to home from my work IP range.
In the space of about 15 minutes before I enabled pf all of the following
users were tried, probably
by an automated script:
snip
It
Kennith Mann III wrote:
...
While moving the SSH port doesn't help much against anyone running an
nmap scan, it stops blind port 22 scans that run generic password
hacks and filling your logs with crap,
Overloads help a bit:
pass in on $ext_if proto tcp to ($ext_if) port ssh
Hello,
I just tried installing OpenBSD 4.2 on an older PIII box I got a while
back - but I can't get the install to boot from CD. Here's what I have
so far:
- The PC has an Intel server board, L440GX+, with two PIII/550 (Slot 1)
on it. This board has both IDE and SCSI (Dual channel U2W,
On Fri, Jan 11, 2008 at 09:28:57AM +, Khalid Schofield wrote:
put this in pf.conf
Is not this missing from the recipe:?
block quick from ssh-bruteforce
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
flags S/SA keep state \
(max-src-conn-rate 3/30,
On Fri, Jan 11 2008 at 24:11, Lars Nood?n wrote:
Kennith Mann III wrote:
...
While moving the SSH port doesn't help much against anyone running an
nmap scan, it stops blind port 22 scans that run generic password
hacks and filling your logs with crap,
Overloads help a bit:
Claer [EMAIL PROTECTED] writes:
I always hesitate to use this trick. Could you please develop more the
implications of this method? Is it still effective?
Yes, it's still effective. You need to put in whatever values you
feel are appropriate for your network and users. In Lars' example,
http://home.nuug.no/~peter/pf/en/long-firewall.html#BRUTEFORCE
Best
Martin
On Fri, Jan 11 2008 at 47:11, Peter N. M. Hansteen wrote:
Claer [EMAIL PROTECTED] writes:
I always hesitate to use this trick. Could you please develop more the
implications of this method? Is it still effective?
Yes, it's still effective. You need to put in whatever values you
feel are
On 2008/01/11 12:33, Lars Noodin wrote:
I suppose another option is to use pf to filter out all incoming traffic
to the servers originating from Windows computers
you can take a look for yourself with tcpdump -O, but I think you'll
find the ssh scans are more likely to be from some variety of
put this in pf.conf
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
flags S/SA keep state \
(max-src-conn-rate 3/30, overload ssh-bruteforce flush
global)
:)
enjoy
On 10 Jan 2008, at 21:53, Ken wrote:
A practical example, real life, last night.
I was
dam you seconds ahead of my reply with the same info :)
On 11 Jan 2008, at 09:24, Lars Noodin wrote:
Kennith Mann III wrote:
...
While moving the SSH port doesn't help much against anyone running an
nmap scan, it stops blind port 22 scans that run generic password
hacks and filling your
Hello,
Did you check errata 003 ?
http://openbsd.org/errata42.html
regards
On 11/01/2008, T. Ribbrock [EMAIL PROTECTED] wrote:
Hello,
I just tried installing OpenBSD 4.2 on an older PIII box I got a while
back - but I can't get the install to boot from CD. Here's what I have
so far:
-
Claer wrote:
On Fri, Jan 11 2008 at 24:11, Lars Nood?n wrote:
...
Regarding the logs, one thing that worked in the past was giving the
netblock owner a hard time. It's their responsibility. It's not too
hard to make up a shellscript (or use another scripting language) which
automates a
On Fri, Jan 11, 2008 at 10:51:41AM +, Stuart Henderson wrote:
On 2008/01/11 12:33, Lars Noodin wrote:
I suppose another option is to use pf to filter out all incoming traffic
to the servers originating from Windows computers
you can take a look for yourself with tcpdump -O, but I
Peter N. M. Hansteen wrote:
Claer [EMAIL PROTECTED] writes:
I always hesitate to use this trick. Could you please develop more the
implications of this method? Is it still effective?
Yes, it's still effective. You need to put in whatever values you
feel are appropriate for your network
Yes, it more correctly needs to be one of the two following...
block in log quick on $ext_if from ssh-bruteforce label BLOCKBRUTES
pass in on $ext_if inet proto tcp \
from any to ($ext_if) port ssh \
flags S/SA keep state \
(max-src-conn-rate 3/30, overload ssh-bruteforce flush global) \
On Fri, Jan 11, 2008 at 11:07:49AM +0001, Jason McIntyre wrote:
| an inclusive match is usually better e.g.
| pass proto tcp from any os OpenBSD to port ssh
|
| that could be less useful if you have ipv6 connections in, no? since
| pf.os(5) claims only to be able to fingerprint hosts that
On Fri, Jan 11, 2008 at 11:29:37AM +0100, Fridiric Pli wrote:
Did you check errata 003 ?
http://openbsd.org/errata42.html
Embarrassingly, I forgot to check the erratas - thanks for the reminder.
I tried that now, but CD2 isn't even recognised as bootable by the
SCSI-controller, hence,
the PC
On Fri, 11 Jan 2008, Fridiric Pli wrote:
Hello,
Did you check errata 003 ?
http://openbsd.org/errata42.html
This does not sound like e003. I have experienced that, and you dont get
this far.
---
Best Regards
Edd
[EMAIL PROTECTED]
http://students.dec.bmth.ac.uk/ebarrett
Lars NoodC)n wrote:
I suppose another option is to use pf to filter out all incoming traffic
to the servers originating from Windows computers maybe except to
relevant services like http port or https. If we could see a blanket
ban on connecting Windows machines to the net, things would
Jason McIntyre wrote:
csh was the default shell for a long time. various bits of documentation
still reflect that, to some degree
What's the correct procedure for adding requests for picayune changes to
the List of Things To Do ?
Regards
-Lars
wd0(pciide1:0:0): timeout
type: ata
c_bcount: 16384
c_skip: 0
pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21
wd0h: device timeout writing fsbn 87668544 of 87668544-87668575 (wd0 bn
144972399; cn 9024 tn 29 sn 12), retrying
wd0: soft error (corrected)
By taking them away from the developer and putting them under auspices
of the FSF. I would never write a single line of code with a gun to my
head and that is what the GPL does.
You got it the wrong way around Richard.
On Fri, Jan 11, 2008 at 08:57:39AM -0500, Richard Stallman wrote:
Those
On Fri, Jan 11, 2008 at 04:06:22PM +0200, Lars NoodC)n wrote:
ksh is the default shell, but the man page for 'jobs' refers to csh
The two appear to differ in how they handle background / foreground
jobs. In csh, '%1' works the same way 'fg %1' does, but in ksh, only
'fg %1' works:
On Fri, Jan 11, 2008 at 04:28:12PM +0200, Lars NoodC)n wrote:
Jason McIntyre wrote:
csh was the default shell for a long time. various bits of documentation
still reflect that, to some degree
What's the correct procedure for adding requests for picayune changes to
the List of Things
On Thu, 10 Jan 2008, Darrin Chandler wrote:
On Thu, Jan 10, 2008 at 02:36:15PM -0800, Ted Unangst wrote:
On 10 Jan 2008 14:17:43 -0800, Unix Fan [EMAIL PROTECTED] wrote:
Does OpenBSD's base utilities support 64 bit I/O?
I attempted to create a 8GB file using the dd application distributed
On 2008/01/11 11:07, Jason McIntyre wrote:
On Fri, Jan 11, 2008 at 10:51:41AM +, Stuart Henderson wrote:
On 2008/01/11 12:33, Lars Noodin wrote:
I suppose another option is to use pf to filter out all incoming traffic
to the servers originating from Windows computers
you can
* Artur Grabowski [EMAIL PROTECTED] [2008-01-11 16:30]:
Martmn Coco [EMAIL PROTECTED] writes:
pfstatekeypl 108 108435160 5769657 138375 1243 137132 137132 0
80
[...]
In use 540926K, total allocated 559516K; utilization 96.7%
This is a bit extreme. Either you have some
2008/1/12, Richard Stallman [EMAIL PROTECTED]:
In that case, buying a Windows computer would be Ok, as long as you
don't update the version of Windows software that is on it... when you
want a newer version of Windows, just get a new computer.
It is normal for users to install
Folks,
I am trying to compile GCC 4.2 from ports, and I keep
getting the same error... with OpenBSD 4.2 and current
as well.
checking whether the C compiler
(/usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc
-O2 -g ) works... no
configure: error: installation or configuration
problem: C
On Fri, Jan 11, 2008 at 04:21:08PM +, Jason McIntyre wrote:
| MD5 (/usr/share/man/cat1/csh.0) = 2c1dd890eea88efea42df42ae68f8b70
| # md5 /usr/share/man/cat1/jobs.0
| MD5 (/usr/share/man/cat1/jobs.0) = 2c1dd890eea88efea42df42ae68f8b70
| # cp /usr/share/man/cat1/ksh.0
Hi,
I just upgraded my home firewall/router from 4.1 to a current snapshot from
9th January. I also changed the NIC which is connected to my core switch from
fxp to em and upgraded the memory from 128Mb to 256Mb.
With PF disabled I can route about 40Mbyte/s (sorry, don't have pps but the
On 2008/01/11 12:18, Claer wrote:
Sorry for not being that clear. I was talking about auto mailing whois
address block abuse contacts.
maybe you could get it to auto-mail *you* with the details to make
it easier to send that onwards, but don't auto-mail whois contacts.
you're asking people to
On Fri, 11 Jan 2008 16:05:49 +0100, jere wrote
wd0(pciide1:0:0): timeout
type: ata
c_bcount: 16384
c_skip: 0
pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21
wd0h: device timeout writing fsbn 87668544 of 87668544-87668575 (wd0
bn 144972399; cn
Thanks everyone who responded in constructive fashion,
and thanks for all additions to list, sorry for not answering you all!
These who got hurt about these truthfull facts, rest in peace. hehehe
On Wed, Jan 09, 2008 at 11:03:29PM +0200, Nikns Siankin wrote:
Facts about OpenBSD:
# Stable
Jason McIntyre wrote:
what are picayune changes?
http://dictionary.reference.com/search?q=picayune
Trifling things like making the command 'man jobs' point to the man page
for ksh instead of csh
# md5 /usr/share/man/cat1/csh.0
MD5 (/usr/share/man/cat1/csh.0) =
On Fri, Jan 11, 2008 at 05:18:59PM +0200, Lars NoodC)n wrote:
Jason McIntyre wrote:
what are picayune changes?
http://dictionary.reference.com/search?q=picayune
ah ok. i've never heard the term before.
Trifling things like making the command 'man jobs' point to the man page
for ksh
Paul de Weerd wrote:
... I would add that, as a newbie unix user many
moons ago, I was surprised to not find a manual page for some
commands I could run which turned out to be documented in the
manpage of my shell.
Yeah, I too figure that out, but never remember what's built into the
shell.
That's interesting indeeed. We are running stable, but I'm not sure how
frequently we are updating it. And it seems like this one is a somewhat
recent patch, so maybe it's not been included on that install.
I'm going to try it and let you know. Thanks for your advice and sorry
for not checking
On Fri, 2008-01-11 at 16:05:49 +0100, jere proclaimed...
I suddenly got this error (while surfing the web in default Gnome
session) on OpenBSD 4.2 release (patched up to patch_004, including it).
Is it a disk error or something else ? Please help.
This is just a soft disk error; you may
Martmn Coco [EMAIL PROTECTED] writes:
pfstatekeypl 108 108435160 5769657 138375 1243 137132 137132 0
80
[...]
In use 540926K, total allocated 559516K; utilization 96.7%
This is a bit extreme. Either you have some insane amount of states in
your pf or something is leaking
Hi,
I'm currently testing some stuff with ospfd (and his friend ospfctl) and
I wonder if I found a bug or if I have done something wrong.
Let's make a schema :
|---| xl1
172.16.1.2 (Test box 1) xl0 10.0.1.1 |--
Hi,
I just read the updated errata42.html and wanted to sync my tree so I
can rebuild the kernel. I got a message from CVS:
cvs server: sys/arch/sparc64/dev/sab.c is no longer in the repository
I can see no OPENBSD_4_2 tag on
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/sparc64/dev/sab.c
On Fri, Jan 11, 2008 at 08:03:49AM -0800, Private Joker wrote:
I am trying to compile GCC 4.2 from ports, and I keep
getting the same error... with OpenBSD 4.2 and current
as well.
checking whether the C compiler
(/usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc
-O2 -g ) works... no
On Fri, Jan 11, 2008 at 05:53:57PM +0100, Paul de Weerd wrote:
|
| right now csh's makefile lists some (not all) builtins as links to
| csh(1). i'm not sure that i see any sense in having MLINKS to builtins,
| to be honest.
I agree with that but I would add that, as a newbie unix user many
Jason McIntyre wrote:
...
generally speaking, the docs have a bias towards ksh, since ksh is the
default shell. i'm not sure that that means having jobs(1) be a link to
csh(1) is wrong though. if it points to ksh(1), csh users lose out. and
vice versa.
Ok. It's not a big deal either way,
On Fri, Jan 11, 2008 at 09:02:36PM +0200, Lars NoodC)n wrote:
What about saving space by using a symlink instead?
i saved space by removing all the builtin pages.
please use tools like whence to find out what you're executing, and
man/locate to find the stuff.
jmc
re-test and post with in your ruleset
pass in quick on fxp0 inet from any to any keep state
pass out quick on $ext_if inet from any to any keep state
/S
-Original Message-
From: Chris Cohen [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: 4.2-current throughput with pf enabled
Date:
Here is the output from the Intel DQ35MP:
boot machine memory
Region 0: type 1 at 0x1000 for 630KB
Region 1: type 2 at 0x9e800 for 6kb
Region 2: type 2 at 0xe for 128KB
Region 3: type 1 at 0x10 for 998016KB
Region 4: type 4 at 0x3cfa for 772KB
Region 5: type 1 at 0x3d061000 for
On 1/11/08, Jason McIntyre [EMAIL PROTECTED] wrote:
i think the issue is that having MLINKs for a particular shell is
not the correct fix. a better solution, as i see it, is to encourage
users to read the man page for the shell they're using, and to use
commands such as whence to find out what
On Fri, Jan 11, 2008 at 10:37:16AM +0100, T. Ribbrock wrote:
[...]
If I try to boot from CD, the only lines I get are:
CR-ROM: 9F
Loading /4.2/I386/CDBOOT
probing: pc0 com0 com1 mem[635K 638M a20=on]
disk:
At this point, the machine hangs hard, i.e. neither keyboard, nor
reset/power
Forgot to Cc: [EMAIL PROTECTED]
On Jan 11, 2008 8:02 PM, Lars Noodin [EMAIL PROTECTED] wrote:
Jason McIntyre wrote:
...
generally speaking, the docs have a bias towards ksh, since ksh is the
default shell. i'm not sure that that means having jobs(1) be a link to
csh(1) is wrong though. if
I just read the updated errata42.html and wanted to sync my tree so I
can rebuild the kernel. I got a message from CVS:
cvs server: sys/arch/sparc64/dev/sab.c is no longer in the repository
I can see no OPENBSD_4_2 tag on
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/sparc64/dev/sab.c
Sunnz ha scritto:
2008/1/12, Richard Stallman [EMAIL PROTECTED]:
In that case, buying a Windows computer would be Ok, as long as you
don't update the version of Windows software that is on it... when you
want a newer version of Windows, just get a new computer.
It is normal for
On Fri, Jan 11, 2008 at 08:01:22PM +, Miod Vallat wrote:
For some reason, this reminds me of Debian's undocumented(1) to which
all undocumented command manual pages point to.
wow!
of course, we could go one better and have typo(1). we could MLINK
all combinations of letters which are
ksh is the default shell, but the man page for 'jobs' refers to csh
The two appear to differ in how they handle background / foreground
jobs. In csh, '%1' works the same way 'fg %1' does, but in ksh, only
'fg %1' works:
# echo $0
-ksh
# jobs
[3] + Suspended
On Friday 11 January 2008 18:36:54 scott wrote:
re-test and post with in your ruleset
pass in quick on fxp0 inet from any to any keep state
pass out quick on $ext_if inet from any to any keep state
Did that, didn't change anything. Maybe I should add some details:
I generated the traffic by
Try using something like iperf or netperf to get more results than just
icmp.
J
On Jan 11, 2008 9:36 AM, scott [EMAIL PROTECTED] wrote:
re-test and post with in your ruleset
pass in quick on fxp0 inet from any to any keep state
pass out quick on $ext_if inet from any to any keep state
/S
On Fri, Jan 11, 2008 at 11:43:38AM -0800, Ted Unangst wrote:
On 1/11/08, Jason McIntyre [EMAIL PROTECTED] wrote:
i think the issue is that having MLINKs for a particular shell is
not the correct fix. a better solution, as i see it, is to encourage
users to read the man page for the shell
i think the issue is that having MLINKs for a particular shell is
not the correct fix. a better solution, as i see it, is to encourage
users to read the man page for the shell they're using, and to use
commands such as whence to find out what exactly they're executing,
and man/locate to
--- Richard Stallman [EMAIL PROTECTED] wrote:
Thus the combined work, THE WHOLE POINT OF WRITING IT, is under
the GPL. That IS what you just said. Which is forcing me into a
license for my project that I don't want.
We require you to use, for your program that contains our
4 years using OpenBSD . huh ?
i guess now, u stop using OpenBSD and start making your ownOS ... LOL
and you just whining + flamer = junker = rest in hell ...
On 1/12/08, Nikns Siankin [EMAIL PROTECTED] wrote:
Thanks everyone who responded in constructive fashion,
and thanks for all
I encounter same error for some other packages, when I set:
CFLAGS=-I/usr/local/include
LDFLAGS=-L/usr/local/lib
It works fine.
2008/1/12, Private Joker [EMAIL PROTECTED]:
Folks,
I am trying to compile GCC 4.2 from ports, and I keep
getting the same error... with OpenBSD 4.2 and current
I use both fxp and em NICs and have great throughput. You may want to
check the full-half duplex settings/agreements -- configured and
actual-operation -- with the pf box AND EACH adjacent device.
Disagreements can provoke a lot of re-sends.
Also, with the slower link, you may want to try
Cell phone systems keep track of the location of the phone, and they
can record the information permanently. They can do this even when
the phone is switched off, because it still transmits.
That information comes from the Palestine Information Technology
Association. In Palestine, being
On 10/01/2008, bofh [EMAIL PROTECTED] wrote:
On Jan 9, 2008 8:45 PM, Ted Unangst [EMAIL PROTECTED] wrote:
On 1/9/08, bofh [EMAIL PROTECTED] wrote:
Just curious if you know how Kevin Mitnick was tracked down and
captured?
did the police go to the billing address of the cell phone he
72 matches
Mail list logo
