PacSec 2007 Call For Papers (Nov. 29/30, deadline July 27)

2007-07-03 Thread Dragos Ruiu
PacSec CALL FOR PAPERS World Security Pros To Converge on Japan TOKYO, Japan -- To address the increasing importance of information security in Japan, the best known figures in the international security industry will get together with leading Japanese researchers to share best practi

Re: Access Control Mechanism (DAC x MAC)

2007-07-03 Thread Theo de Raadt
> Having read about computer security, one of the parts that mostly > called up my attention were the access control mechanisms. I've found > out that the mechanism used by most of the Unix-like systems is DAC > (Discretionary Access Control) and as I could see OpenBSD fits in that > mechanism as

Re: Access Control Mechanism (DAC x MAC)

2007-07-03 Thread Lars Hansson
João Salvatti wrote: MAC is much more sophisticated than DAC. Thus I would like to know from you why OpenBSD does not implement this type of mechanism. More sophisticated != better. The longer answer is in the archives. --- Lars Hansson

Re: sensorsd says the sensor is within limit, but it's not...

2007-07-03 Thread Constantine A. Murenin
On 03/07/07, Per-Olov Sjöholm <[EMAIL PROTECTED]> wrote: Hi Misc I am probably missing something, but what.. sensorsd says in the syslog that the sensor is "within limits" even though a "sysctl -a|grep sensor" shows that it is not. Are there any known bugs? I have checked the list and canno

Re: Access Control Mechanism (DAC x MAC)

2007-07-03 Thread RW
On Tue, 3 Jul 2007 22:32:01 -0300, João Salvatti wrote: >Hi all, > >Having read about computer security, one of the parts that mostly >called up my attention were the access control mechanisms. I've found >out that the mechanism used by most of the Unix-like systems is DAC >(Discretionary Access

Re: Access Control Mechanism (DAC x MAC)

2007-07-03 Thread Jacob Yocom-Piatt
João Salvatti wrote: Hi all, Having read about computer security, one of the parts that mostly called up my attention were the access control mechanisms. I've found out that the mechanism used by most of the Unix-like systems is DAC (Discretionary Access Control) and as I could see OpenBSD fits

Re: HP proliant DL140-G3 install problems

2007-07-03 Thread Jonathan Gray
On Tue, Jul 03, 2007 at 06:26:42PM +0200, Reyk Floeter wrote: > On Tue, Jul 03, 2007 at 04:18:35PM +0100, Doros Eracledes wrote: > > I am trying to install 4.1 amd64 on a proliant DL140-G3 server and have > > various problems. > > > > I've found on previous postings that the axe and uberry driver

Access Control Mechanism (DAC x MAC)

2007-07-03 Thread João Salvatti
Hi all, Having read about computer security, one of the parts that mostly called up my attention were the access control mechanisms. I've found out that the mechanism used by most of the Unix-like systems is DAC (Discretionary Access Control) and as I could see OpenBSD fits in that mechanism as

Re: Soekris net5501 IPsec performance?

2007-07-03 Thread Chris Cappuccio
Christian Weisgerber [EMAIL PROTECTED] wrote: > > As reported ad nauseam, the vpn1411 doesn't work reliably in earlier > Soekrises. Whether this still applies to the net5501 is a valid > question. > The only common piece between the 4501 and the 4801 was the ethernet chip. Everything else was d

Re: Setting up a virtual hosting machine w. SSH/SFTP accounts - pitfalls/experiences?

2007-07-03 Thread Brian Candler
> > >You don't want user 1's web applications to be able to access data in user > > >2's web application storage space. > > I will only be using mod_php. In the past, without the user shell > > accounts, this has worked rather well for me in combination with the > > "open_base_dir" directive in

Re: trunk, carp

2007-07-03 Thread Fredrik Carlsson
Reyk Floeter wrote: On Tue, Jul 03, 2007 at 03:57:20PM +0200, Fredrik Carlsson wrote: Hi again, My setup looks like this: [em0, em1]-trunk0 <- vlan2 <- carp2 [em2, em3]-trunk1 <- vlan104 <- carp104 If I don't use carp at all everything works fine, but when I add carp to trunk0 and tr

Re: Changing IO or memory value

2007-07-03 Thread Paul de Weerd
On Tue, Jul 03, 2007 at 09:06:29PM +0200, Leon Komloši wrote: | Does anyone have idea how to put certain value to a certain IO location | from operating system. Is there some kind of debug or something? | | I need to read IO location 0x09030, change and then write it back. I don't know of a portabl

Changing IO or memory value

2007-07-03 Thread Leon Komloši
Does anyone have idea how to put certain value to a certain IO location from operating system. Is there some kind of debug or something? I need to read IO location 0x09030, change and then write it back. Leon Komlosi

Re: Intel xeon fails to boot with 4.1 release

2007-07-03 Thread Chris Kuethe
On 7/3/07, Austin Hook <[EMAIL PROTECTED]> wrote: Hi Chris, Thanks! What kind of an issue was it? You just had to increase the VM_PHYSSEG_MAX definition, or was that a misdirection? Just had to increase VM_PHYSSEG_MAX. BTW, way, how long does it take for such patches to show up in

Re: kerberos - incorrect net address

2007-07-03 Thread Douglas Maus
My previous message was probably a bit dense, so I'll try my best to get right to the point. kerberos kinit was failing, giving me the error "incorrect net address" The kdc.log file indicated that the request was coming from ::1 (the IPv6 loopback, is that right?) After much looking, I found tha

Re: HP proliant DL140-G3 install problems

2007-07-03 Thread Reyk Floeter
On Tue, Jul 03, 2007 at 04:18:35PM +0100, Doros Eracledes wrote: > I am trying to install 4.1 amd64 on a proliant DL140-G3 server and have > various problems. > > I've found on previous postings that the axe and uberry driver are > causing a problem and the kernel fails to load. > > What I've don

Re: Intel xeon fails to boot with 4.1 release

2007-07-03 Thread Austin Hook
Hi Chris, Thanks! What kind of an issue was it? You just had to increase the VM_PHYSSEG_MAX definition, or was that a misdirection? Austin BTW, way, how long does it take for such patches to show up in either the 4.1 or patch branch corrections lists on the web site? Austin On S

IPSec Road Warriors

2007-07-03 Thread Georg Buschbeck
Hi, we are running an OpenBSD 4.0 Firewall/VPN Cluster (CARP). One of my colleagues connects with a DrayTek 2700 Router to the Internet, and this router is establishing an IPSec-Tunnel to our Firewall-Cluster. The Tunnel is stable, besides the 24-Hour disconnect. The IP of the DrayTek changes, an

HP proliant DL140-G3 install problems

2007-07-03 Thread Doros Eracledes
I am trying to install 4.1 amd64 on a proliant DL140-G3 server and have various problems. I've found on previous postings that the axe and uberry driver are causing a problem and the kernel fails to load. What I've done until now is to install openbsd 4.1 on another machine update and recompile t

sk(4): Marvell 88E1011 not working with 4.1

2007-07-03 Thread Heinrich Rebehn
Hi folks, Since I upgraded our firewall to 4.1, I have severe problems with the Marvell 88E1011 Gigabit interface. netstat shows thousands of ierrs after 15 minutes of uptime. No Problems with 4.0. Is this a known issue? I found only one relevant posting http://archives.neohapsis.com/archives

Businesses for sale

2007-07-03 Thread Jacques Gerrand
Hello, Are you selling your business? Are you looking to acquire a business? Browse listings or post your own advertisement to buy or sell a business, free of charge, at www.vente-fonds-commerce.fr. We look forward to your next visit. Please accept our sincere regards

Re: trunk, carp

2007-07-03 Thread Fredrik Carlsson
> On Tue, Jul 03, 2007 at 03:57:20PM +0200, Fredrik Carlsson wrote: >> Hi again, >> >> My setup looks like this: >> >> [em0, em1]-trunk0 <- vlan2 <- carp2 >> [em2, em3]-trunk1 <- vlan104 <- carp104 >> >> If I don't use carp at all everything works fine, but when I add carp to >> trunk0 and tr

Re: Bad performance on ThinkPad T41 (-current checked out on July 1)

2007-07-03 Thread Martin Toft
On Tue, Jul 03, 2007 at 10:20:18PM +1000, Jonathan Gray wrote: > On Tue, Jul 03, 2007 at 01:49:09PM +0200, Martin Toft wrote: > > Disk I/O is the only test where I use different programs (hdparm and > > dd), as I couldn't find a port/package of hdparm for OpenBSD. > > Still, I think the results are

Re: : : : Troubleshooting PCMCIA modem 3Com 3CXM756

2007-07-03 Thread Raimo Niskanen
On Thu, Jun 14, 2007 at 10:22:50AM +0200, Raimo Niskanen wrote: > Hi again, sorry to bother you again but who else would know? > Can anyone make an educated guess on what has the best > possibility to work for OpenBSD 4.1: > * US Robotics USB modem > * Other USB modem (Sweex) > * ZONET ZFM5600 MODE

sensorsd says the sensor is within limit, but it's not...

2007-07-03 Thread Per-Olov Sjöholm
Hi Misc I am probably missing something, but what.. sensorsd says in the syslog that the sensor is "within limits" even though a "sysctl -a|grep sensor" shows that it is not. Are there any known bugs? I have checked the list and cannot find anything related to this... I run a Dell PE830 on Op

IPSec Road Warriors

2007-07-03 Thread Georg Buschbeck
Hi, we are running an OpenBSD 4.0 Firewall/VPN Cluster (CARP). One of my colleagues connects with a DrayTek 2700 Router to the Internet, and this router is establishing an IPSec-Tunnel to our Firewall-Cluster. The Tunnel is stable, besides the 24-Hour disconnect. The IP of the DrayTek changes, an

Re: : : acpi suspend?

2007-07-03 Thread Raimo Niskanen
On Tue, Jul 03, 2007 at 09:44:09AM +0200, Raimo Niskanen wrote: > If I may extend the question a bit... > > How are the chances that "hibernate" (to swap) will be implemented > in the (relatively near) future? > > I just bought a used ThinkPad T23, it comes with XP and the BIOS > does not look

Re: trunk, carp

2007-07-03 Thread Reyk Floeter
On Tue, Jul 03, 2007 at 03:57:20PM +0200, Fredrik Carlsson wrote: > Hi again, > > My setup looks like this: > > [em0, em1]-trunk0 <- vlan2 <- carp2 > [em2, em3]-trunk1 <- vlan104 <- carp104 > > If I don't use carp at all everything works fine, but when I add carp to > trunk0 and trunk1 it

Re: dhcp question

2007-07-03 Thread Jacob Yocom-Piatt
mgb wrote: List, I have a 4.1 GENERIC machine acting as DHCP server, serving out IP addresses to 7 diskless client machines. Each client machine needs to be pushed a different configuration file in order to start a process once booted. There is a chance that any number of clients may be re

trunk, carp

2007-07-03 Thread Fredrik Carlsson
Hi again, My setup looks like this: [em0, em1]-trunk0 <- vlan2 <- carp2 [em2, em3]-trunk1 <- vlan104 <- carp104 If I don't use carp at all everything works fine, but when I add carp to trunk0 and trunk1 it takes a few seconds and the box hangs and a poweroff reboot is needed. If only one

Re: dhcp question

2007-07-03 Thread Will Maier
On Tue, Jul 03, 2007 at 02:45:00PM +0100, mgb wrote: > So if I defined a large pool of IP addresses in dhcpd.conf that > would avert the problem described above, however I'm struggling to > think of a solution on how would clients would request the correct > configuration file? and how could I hand

dhcp question

2007-07-03 Thread mgb
List, I have a 4.1 GENERIC machine acting as DHCP server, serving out IP addresses to 7 diskless client machines. Each client machine needs to be pushed a different configuration file in order to start a process once booted. There is a chance that any number of clients may be replaced at an

Re: 'netstat: invalid address (30000) ???" on 4.1-current i386 binary snapshot

2007-07-03 Thread Otto Moerbeek
On Tue, 3 Jul 2007, Adriaan wrote: > On 7/3/07, Adriaan <[EMAIL PROTECTED]> wrote: > > On 6/28/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote: > > > > > > On Thu, 28 Jun 2007, Adriaan wrote: > > > > > > > On a freshly installed binary snapshot "netstat -an -f inet6" shows > > > > "netstat: invalid ad

bgp router setup

2007-07-03 Thread Erich
hi, anybody can tell howto create a good redundant bgp router setup? right now i have 2 uplinks, both announcing a full table, and one bgp router with its own AS. Now, the questions is how a redundant setup would look like. would it make sense to use carp devices? or is it better to setup some kin

Re: Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server

2007-07-03 Thread Peter N. M. Hansteen
"Siju George" <[EMAIL PROTECTED]> writes: > I tried connecting from a network that is not firewalled by OpenBSD > and the VPN connection to the same Fortigate Server is working fine > and I am able to access the internal machines. Sounds almost like you need to pass at least one of the protocols

Re: Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server

2007-07-03 Thread Vijay Sankar
On Tuesday 03 July 2007 07:36, Siju George wrote: > Hi, > > I am on a MS Windows XP system behind an OpenBSD 4.0 firewall. > All outbound TCP, UDP and ICMP traffic from the LAN is let out > through PF. > > I am able to connect to another Fortigate IPSEC VPN Server on the > Internet using Forticlien

Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server

2007-07-03 Thread Siju George
Hi, I am on a MS Windows XP system behind an OpenBSD 4.0 firewall. All outbound TCP, UDP and ICMP traffic from the LAN is let out through PF. I am able to connect to another Fortigate IPSEC VPN Server on the Internet using Forticlient on the same XP system but no data communication happens betwe

Re: Bad performance on ThinkPad T41 (-current checked out on July 1)

2007-07-03 Thread Jonathan Gray
On Tue, Jul 03, 2007 at 01:49:09PM +0200, Martin Toft wrote: > On Tue, Jul 03, 2007 at 04:32:13PM +1000, Jonathan Gray wrote: > > Include the output of 'atactl wd0' perhaps you have something like > > caching turned off. Also you can't hope for similar results if you > > use different programs on

Re: Bad performance on ThinkPad T41 (-current checked out on July 1)

2007-07-03 Thread Martin Toft
On Tue, Jul 03, 2007 at 04:32:13PM +1000, Jonathan Gray wrote: > Include the output of 'atactl wd0' perhaps you have something like > caching turned off. Also you can't hope for similar results if you > use different programs on both systems. Disk I/O is the only test where I use different progr

Insertion of compact flash w/ pcmcia card == kernel panic w/ 4.1-STABLE or 4.1-CURRENT

2007-07-03 Thread openbsd fan
Reading the wd man page, I assumed that flash cards were supported in Openbsd 4.1. This particular combo of SanDisk's CompactFlash PC Card Adapter model SDAD-38-A10 with two different SanDisk compactflash cards generated kernel panic as soon as the compact flash cards were inserted into a Thinkpa

Re: Trunk(4), vlan problems

2007-07-03 Thread Fredrik Carlsson
> On 2007/07/03 11:48, Fredrik Carlsson wrote: >> > trunk0: flags=8802 mtu 1500 >> > vlan1: flags=8843 mtu 1500 > > this is strange, where is the decode of the flags? > > In-Reply-To: <[EMAIL PROTECTED]> > ahh... perhaps your mail client ate them. > > anyway, 8802 means your trunk0 is not ifconfig'

Re: Trunk(4), vlan problems

2007-07-03 Thread Stuart Henderson
On 2007/07/03 11:48, Fredrik Carlsson wrote: > > trunk0: flags=8802 mtu 1500 > > vlan1: flags=8843 mtu 1500 this is strange, where is the decode of the flags? In-Reply-To: <[EMAIL PROTECTED]> ahh... perhaps your mail client ate them. anyway, 8802 means your trunk0 is not ifconfig'd "up".

Re: Trunk(4), vlan problems

2007-07-03 Thread Fredrik Carlsson
> Hi, > > I'm trying to set up an OpenBSD router against two switches (failover solution), the switches have a cable between them. > > em0 - connects to switch01 port 1 (switch01 addr: 10.10.1.18) > em1 - connects to switch02 port 1 (switch02 addr: 10.10.1.19) > switch 1 and 2 has a management vlan

PML4 address

2007-07-03 Thread Constantine Kousoulos
I'm trying to determine PML4's address on OpenBSD-4.1 Release on amd64. So, I'm looking into sys/arch/amd64/amd64/locore.S. There is a point where PML4 is set (line 519): /* * 3. Load %cr3 with pointer to PML4. */ movl %esi,%eax movl %eax,%cr3 I

Re: 'netstat: invalid address (30000) ???" on 4.1-current i386 binary snapshot

2007-07-03 Thread Adriaan
On 7/3/07, Adriaan <[EMAIL PROTECTED]> wrote: On 6/28/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote: > > On Thu, 28 Jun 2007, Adriaan wrote: > > > On a freshly installed binary snapshot "netstat -an -f inet6" shows > > "netstat: invalid address (3) ???" > > thanks for the report, we can reprodu

Re: : acpi suspend?

2007-07-03 Thread Raimo Niskanen
If I may extend the question a bit... How are the chances that "hibernate" (to swap) will be implemented in the (relatively near) future? I just bought a used ThinkPad T23, it comes with XP and the BIOS does not look like a Phoenix BIOS, so it seems hibernation needs OS support the XP way. Have

Re: kerberos - incorrect net address

2007-07-03 Thread Björn Sandell
On Tue, 03 Jul 2007 03:39:51 + "Douglas Maus" <[EMAIL PROTECTED]> wrote: > Could someone help me understand IP addresses, DNS, and > Kerberos on OpenBSD? > > I was getting "incorrect net address" when trying to kinit, > and I found that switching 2 lines in /etc/hosts > putting first > 10.0.1

Re: 'netstat: invalid address (30000) ???" on 4.1-current i386 binary snapshot

2007-07-03 Thread Adriaan
On 6/28/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote: On Thu, 28 Jun 2007, Adriaan wrote: > On a freshly installed binary snapshot "netstat -an -f inet6" shows > "netstat: invalid address (3) ???" thanks for the report, we can reproduce and are looking into this -Otto [snip] I r