Re: OpenBSD and SYNFlood / DDoS protection

synproxy in pf already makes sure the 3-way handshake completes before the connection is completed on the other side; rate limiting can also be done on the OpenBSD firewall, so it's not clear why you would need an extra box there. The bigger problem with DDoS attacks is that the upstream pipe is

Re: OpenBSD and SYNFlood / DDoS protection

2008/7/19 Parvinder Bhasin [EMAIL PROTECTED]: This maybe dumb but won't hurt to throw this out there, maybe this has to be built with combination of tools, technologies etc but i would definately like to first collect as much info and then maybe work on this (or maybe the solution - open

Re: CARP not leaving backup state

On 2008-07-19, William Stuart [EMAIL PROTECTED] wrote: Thanks everyone I figured it out! 19:13:46.334037 CARPv2-advertise 36: vhid=50 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] 19:13:46.334299 CARPv2-advertise 36: vhid=50 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] Something is

Re: how to undelete?

On Mon, Jul 7, 2008 at 9:30 PM, macintoshzoom [EMAIL PROTECTED] wrote: Which hex editor do you advise? Should I have to umount the partition before? the partition is 40 GB size on a secondary disk, OpenBSD old slice, should I need at least such space (/tmp ?) to open it on the hex editor from

Re: clock on alic3 board

Marc Balmer wrote: * riwanlky wrote: Hai all, I have problem on clock with Alic3 board from Pc Engines on OpenBSD 4.3 dmesg- OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008 and the ntpd message on tail /var/log/daemon Jul 17 16:14:44 pceng4 ntpd[5847]: adjusting local clock by

Re: clock on alic3 board

Alexander Hall wrote: Marc Balmer wrote: * riwanlky wrote: Hai all, I have problem on clock with Alic3 board from Pc Engines on OpenBSD 4.3 dmesg- OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008 and the ntpd message on tail /var/log/daemon Jul 17 16:14:44 pceng4 ntpd[5847]:

Re: clock on alic3 board

* Alexander Hall wrote: [...] True. A little addition for the archives (since it's been a while now): $ date -r 86908 Fri Jan 2 01:08:28 CET 1970 Oops. My bad. A better approach (combined with correct reading): $ date -ur 0 Thu Jan 1 00:00:00 UTC 1970 $ date -ur 86908 Fri Jan 2

Re: how to undelete?

On Sat, Jul 19, 2008 at 5:23 AM, Die Gestalt [EMAIL PROTECTED] wrote: On Mon, Jul 7, 2008 at 9:30 PM, macintoshzoom [EMAIL PROTECTED] wrote: Which hex editor do you advise? Should I have to umount the partition before? the partition is 40 GB size on a secondary disk, OpenBSD old slice, should

Re: OpenBSD and SYNFlood / DDoS protection

* Ryan McBride [EMAIL PROTECTED] [2008-07-19 10:16]: The bigger problem with DDoS attacks is that the upstream pipe is filled up with traffic that was true in the 90s, and maybe the first half of this decade, but really isn't any more. Most server installs I have worked with have the pipe limit

Setting priority on interface fails in latest snapshot

After updating my i386 firewall cluster to the latest snapshot (16 Jul, 22:15) # ifconfig vr0 priority 2 ifconfig: priority: bad value Is this a regression, or did the syntax change since my last update about one week ago? I did re-read the man page and also looked through the CVS commits, but

svnd questions (encrypting all of a partition or disk)

My laptop (Thinkpad T41p) and I are going to be doing a lot of travelling in the next year, so I'm investigating how to (cryptographically) improve my security in case of loss/theft/seizure. Right now I use cfs (ports) for a few sensitive subdirectories, but 95+% of my /home is still cleartext to

OpenCON 2008

Hi, I was just wondering if a date for OpenCON 2008 is known. I would like to try to book earlier to save pennies :) Thanks -- Best Regards Edd http://students.dec.bmth.ac.uk/ebarrett

Re: Weird RAIDFrame behaviour in 4.3 [Solved]

On Mon, 14 Jul 2008 16:26:45 +0200 Simon Vallet [EMAIL PROTECTED] wrote: [...] I suspect this is due to a problem with the raidframe label on wd0d, but I have no clue on how to fix this : It turns out the component label simply hadn't been written on wd0, since my raid0.conf at -I time

Re: how to undelete?

On Sat, 19 Jul 2008 10:18:19 -0400 Nick Guenther [EMAIL PROTECTED] wrote: On Sat, Jul 19, 2008 at 5:23 AM, Die Gestalt [EMAIL PROTECTED] wrote: On Mon, Jul 7, 2008 at 9:30 PM, macintoshzoom [EMAIL PROTECTED] wrote: Which hex editor do you advise? Should I have to umount the partition

Re: Setting priority on interface fails in latest snapshot

On Sat, Jul 19, 2008 at 05:34:10PM +0200, Rolf Sommerhalder wrote: After updating my i386 firewall cluster to the latest snapshot (16 Jul, 22:15) # ifconfig vr0 priority 2 ifconfig: priority: bad value Is this a regression, or did the syntax change since my last update about one week ago?

Re: svnd questions (encrypting all of a partition or disk)

This might be a good time to try my giant softraid diff that makes crypto useful. On Sat, Jul 19, 2008 at 05:04:44PM +0100, Jonathan Thornburg wrote: My laptop (Thinkpad T41p) and I are going to be doing a lot of travelling in the next year, so I'm investigating how to (cryptographically)

Re: svnd questions (encrypting all of a partition or disk)

If you have some time and a spare disk, why not experiment with the 3 or 4 options available to you before settling on one. - cfs - svnd backed by a file in a filesystem - svnd backed by a whole slice on disk - softraid w/ crypto softraid w/ crypto is still kind of a work in progress, but it's

Re: how to undelete?

You might want to try Photorec : http://www.cgsecurity.org/wiki/PhotoRec good luck On Mon, Jul 7, 2008 at 1:48 PM, macintoshzoom [EMAIL PROTECTED] wrote: I deleted a directory from an OpenBSD slice from my 2nd HD, and I need to recover a single file. I tried :

Re: Setting priority on interface fails in latest snapshot

cjeker wrote: This diff got removed from the latest snaps. Thanks for prompt reply. That's bad news, as I am using it on the firewall cluster to resolve a problem in connection with default routes and dhclient, as per your previous recommendation. Is this removal just a temporary measure until

Re: svnd questions (encrypting all of a partition or disk)

On Sat, Jul 19, 2008 at 05:04:44PM +0100, Jonathan Thornburg wrote: My laptop (Thinkpad T41p) and I are going to be doing a lot of travelling in the next year, so I'm investigating how to (cryptographically) improve my security in case of loss/theft/seizure. Right now I use cfs (ports) for a

uvideo trouble with snapshot of 20080717

Hi all, Lenovo X300, snapshot for i386, from 20080717 (also 20080716) dumps into dbb on boot on uvideo: uvm_fault(0xd0814b20, 0x0, 0, 1) - e kernel: page fault trap, code=0 Stopped at uvideo_vs_negotiation+0x81: mov10x15(%eax),%eax ddb{0} //no console to capture output, made some

Re: OpenCON 2008

On Saturday 19 July 2008 18:33:33 you wrote: Hi, I was just wondering if a date for OpenCON 2008 is known. I would like to try to book earlier to save pennies :) Thanks Hi, 28-30 November 2008 Venice, Italy Bye -- fabioFVZ

Re: OpenBSD and SYNFlood / DDoS protection

On Jul 19, 2008, at 1:26 AM, ropers wrote: 2008/7/19 Parvinder Bhasin [EMAIL PROTECTED]: This maybe dumb but won't hurt to throw this out there, maybe this has to be built with combination of tools, technologies etc but i would definately like to first collect as much info and then maybe work

Kaminsky's DNS bug: PF workaround

Suppose: 1. Dan Kaminsky's recently announced DNS cache poisoning vulnerability is anywhere near as serious as he and others have made it out to be, and 2. Simple UDP source port randomization of DNS requests is indeed sufficient to mitigate the vulnerability. I think we have

Re: OpenBSD and SYNFlood / DDoS protection

On Jul 19, 2008, at 1:26 AM, ropers wrote: I don't mean to be impolite, but considering that these guys http://www.rayservers.com/ddos-protection are the first Google hit for firewall ddos protection openbsd (w/o quotation marks), it would seem to me that you maybe didn't Use Teh Google.

Re: OpenBSD and SYNFlood / DDoS protection

* Parvinder Bhasin [EMAIL PROTECTED] [2008-07-19 23:12]: Perhaps I didn't make it clear..maybe but yeah..I totally know that there are PAY solutions, like I mentioned that I know of many devices that can achieve this. I have done research on these devices and was thinking maybe something (

Re: OpenBSD and SYNFlood / DDoS protection

On Jul 19, 2008, at 2:31 PM, ropers wrote: On Jul 19, 2008, at 1:26 AM, ropers wrote: I don't mean to be impolite, but considering that these guys http://www.rayservers.com/ddos-protection are the first Google hit for firewall ddos protection openbsd (w/o quotation marks), it would seem to me

Re: OpenBSD and SYNFlood / DDoS protection

btw: Ropers Thanks for the link. On Jul 19, 2008, at 2:31 PM, ropers wrote: On Jul 19, 2008, at 1:26 AM, ropers wrote: I don't mean to be impolite, but considering that these guys http://www.rayservers.com/ddos-protection are the first Google hit for firewall ddos protection openbsd (w/o

Re: svnd questions (encrypting all of a partition or disk)

On 7/19/08, Chris Kuethe [EMAIL PROTECTED] wrote: - svnd backed by a whole slice on disk I know some people have done this, but the code doesn't like it. I'd stick with normal files.

Re: svnd questions (encrypting all of a partition or disk)

On 7/19/08, Tobias Ulmer [EMAIL PROTECTED] wrote: [4] # mount -o softdep /dev/sd0a /mnt [5] # dd if=/dev/arandom bs=1m of=/mnt/imagefile count=... prepare to wait a few days... there is known plaintext at specific locations anyway, disklabel, filesystem metadata,... very little really.

Unable to connect to Xvfb using sshd

I am running an HP Vectra VL400 system under OpenBSD 4.4 beta 2007-07-11. When I attempt to connect using ssvnc from my windows box using the ssh option I am getting connection refused by server: Administratively prohibited When I check authlog, the error message is July 19 23:19:22