Re: Patching a SSH 'Weakness'

2008-09-11 Thread Damien Miller
On Wed, 10 Sep 2008, STeve Andre' wrote: On Wednesday 10 September 2008 15:58:03 Kevin Neff wrote: Hi, Some secure protocols like SSH send encrypted keystrokes as they're typed. By doing timing analysis you can figure out which keys the user probably typed (keys that are physically

Patching a SSH 'Weakness'

2008-09-11 Thread ge7r85o02
Just off the top of my head (I have to check the SSH protocol yet): Why not encipher all accumulated keystrokes up to the Enter key as a block and send them instead of sending each keystroke as it is typed? This shrouds the typist's characteristics. In addition, if the cipher is a block cipher,

Re: altq on enc0?

2008-09-11 Thread Markus Friedl
On Wed, Sep 10, 2008 at 10:11:05PM +0200, Toni Mueller wrote: I've just discovered that this is unsupported. How difficult would it be to add support for this? why not just tag the packet on enc0 and altq on the 'real' interface?

Re: Patching a SSH 'Weakness'

2008-09-11 Thread Andreas Kahari
I'd like to see what I'm typing, as I'm typing it, in my interactive SSH session. Andreas 2008/9/11 [EMAIL PROTECTED]: Just off the top of my head (I have to check the SSH protocol yet): Why not encipher all accumulated keystrokes up to the Enter key as a block and send them instead of sending

Re: Patching a SSH 'Weakness'

2008-09-11 Thread Vadim Zhukov
11 September 2008 G. 12:00:18 [EMAIL PROTECTED] wrote: Just off the top of my head (I have to check the SSH protocol yet): Why not encipher all accumulated keystrokes up to the Enter key as a block and send them instead of sending each keystroke as it is typed? This shrouds the typist's

Re: Patching a SSH 'Weakness'

2008-09-11 Thread Paul de Weerd
On Thu, Sep 11, 2008 at 10:06:27AM +0900, Hari wrote: | On Thu, Sep 11, 2008 at 4:58 AM, Kevin Neff [EMAIL PROTECTED] wrote: | Hi, | | Some secure protocols like SSH send encrypted keystrokes | as they're typed. By doing timing analysis you can figure | out which keys the user probably typed

Re: Wireless

2008-09-11 Thread Heinrich Rebehn
OpenBSD wrote: On Mon, 8 Sep 2008 23:24:26 +0200 Paul de Weerd [EMAIL PROTECTED] wrote: On Mon, Sep 08, 2008 at 01:52:43PM -0700, OpenBSD wrote: | BTW, do you know 1 USB wireless card that work without firmware, to be used to install OBSD? I have a wi(4) that attaches to usb and doesn't need

Re: Is it possible to add pppoe to a bridge? Yes after hacking, but....

2008-09-11 Thread Peter
Peter wrote: Even if a bridge is empty it seems impossible to add pppoe to it. This doesn't change if the first bridge member has an MTU identical to that of the pppoe interface (thank you to Martin Reindl for a patch enabling mtu changes on Sun quad ethernet). For my own, and anyone

Re: Wireless

2008-09-11 Thread Paul de Weerd
On Thu, Sep 11, 2008 at 11:33:43AM +0200, Heinrich Rebehn wrote: Paul, when you had success with rum(4), did you use wpa? I am having trouble getting a Hercules HWGUSB2-54 under OpenBSD 4.4 to work with my FritzBox 7220 using wpa(tkip). At start, the association succeeds, but after some 15

Re: Patching a SSH 'Weakness'

2008-09-11 Thread Ross Cameron
On Thu, Sep 11, 2008 at 10:42 AM, Andreas Kahari [EMAIL PROTECTED] wrote: I'd like to see what I'm typing, as I'm typing it, in my interactive SSH session. Use local echo instead of remote echo then? Reduces chattiness on the link too.

Re: ntpd can hang on boot

2008-09-11 Thread Henning Brauer
* Henning Brauer [EMAIL PROTECTED] [2008-09-10 10:39]: ntpd -s will time out eventually, but the 'eventually' might be painfully far away. it's the dns routines that block and cause these problems. i know how to fix this but haven't found the time to do so yet. maybe i get a chance on the

Separated at birth?

2008-09-11 Thread James
http://radio.blowfish.com/images/radiologo.jpg http://www.openbsd.org/images/openbsd30_cover.gif

forcing system disk to wd0

2008-09-11 Thread Joseph A Borg
I just added a 4 port promise sata card and cannot figure a way of forcing the sata ports on the motherboard to take precedence over the sata pci card. Any pointers to useful info would be greatly appreciated. I guess i'll have to mess with the BIOS and IRQs but these are, till now out of

Re: forcing system disk to wd0

2008-09-11 Thread Otto Moerbeek
On Thu, Sep 11, 2008 at 09:40:47AM +0200, Joseph A Borg wrote: I just added a 4 port promise sata card and cannot figure a way of forcing the sata ports on the motherboard to take precedence over the sata pci card. why? It's just a number. Any pointers to useful info would be greatly

Re: forcing system disk to wd0

2008-09-11 Thread Marco Peereboom
Right, assuming you don't have to change your boot device in BIOS all you have to do is do it in fstab. On Thu, Sep 11, 2008 at 01:04:19PM +0200, Otto Moerbeek wrote: On Thu, Sep 11, 2008 at 09:40:47AM +0200, Joseph A Borg wrote: I just added a 4 port promise sata card and cannot figure a

Re: SSH question (4.3)

2008-09-11 Thread Hannah Schroeter
Hi! On Wed, Sep 10, 2008 at 10:00:23PM +0200, Toni Mueller wrote: On Wed, 10.09.2008 at 13:56:23 +0200, Hannah Schroeter [EMAIL PROTECTED] wrote: (I.e. check whether there's some intervening dir that's not accessible to user admin/group admin, but to group wheel). that was the problem,

Little update to authpf

2008-09-11 Thread Rafal Bisingier
Hi all, I do not know if this is the correct list, or even method to send patches, but did not find anything appropriate on the OpenBSD website. I'd like to propose a little feature enhancement for the authpf. Here are the details: - authpf can show a message to a user successfully logged in -

Re: Little update to authpf

2008-09-11 Thread Ross Cameron
On Thu, Sep 11, 2008 at 2:09 PM, Rafal Bisingier [EMAIL PROTECTED] wrote: Below is a patch which change current behavior, so that the message is searched first in the /etc/authpf/USER dir, and if it's not found Would /etc/authpf/authpf.USER.message not be better? Sample change

Re: Little update to authpf

2008-09-11 Thread Rafal Bisingier
Hi, On Thu, 11 Sep 2008 14:26:42 +0200 Ross Cameron [EMAIL PROTECTED] wrote: On Thu, Sep 11, 2008 at 2:09 PM, Rafal Bisingier [EMAIL PROTECTED] wrote: Below is a patch which change current behavior, so that the message is searched first in the /etc/authpf/USER dir, and if it's not found

nat - DNS-ALG ... Translating DNS for Twice-NAT

2008-09-11 Thread Stefan Sczekalla
Hi, I have a Problem with DNS while connecting two overlapping private networks. Now I'm looking for a DNS Server which will remap certain IP-addresses according to a translation table or rule. While being unsure - googling on the topic I found that I'm looking for something called DNS-ALG -

Re: Little update to authpf

2008-09-11 Thread Todd T. Fries
37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt Penned by Rafal Bisingier on 20080911 14

Re: nat - DNS-ALG ... Translating DNS for Twice-NAT

2008-09-11 Thread Laurent CARON
Stefan Sczekalla wrote: Hi, I have a Problem with DNS while connecting two overlapping private networks. Now I'm looking for a DNS Server which will remap certain IP-addresses according to a translation table or rule. Hi, What is the real problem you're trying to solve ? Laurent

Re: Little update to authpf

2008-09-11 Thread Hannah Schroeter
Hi! On Thu, Sep 11, 2008 at 07:52:14AM -0500, Todd T. Fries wrote: I think you might want to check to see if the file exists not just if the asprintf succeeds.. But yes I do agree this is useful functionality that I've tested quite thoroughly... Another nit in the patch: Index: authpf.c

Re: nat - DNS-ALG ... Translating DNS for Twice-NAT

2008-09-11 Thread Stefan Sczekalla
Hi Laurent, The problem I'd like to solve is: hiding a network by NAT while keeping it accessible via DNS without translating every NATted IP manually on a local DNS server. Kind regards, Stefan -Original Message- From: Laurent CARON [mailto:[EMAIL PROTECTED] Sent: Thursday, September

Re: Little update to authpf

2008-09-11 Thread Henning Brauer
* Hannah Schroeter [EMAIL PROTECTED] [2008-09-11 15:20]: Hi! On Thu, Sep 11, 2008 at 07:52:14AM -0500, Todd T. Fries wrote: I think you might want to check to see if the file exists not just if the asprintf succeeds.. But yes I do agree this is useful functionality that I've tested quite

Re: nat - DNS-ALG ... Translating DNS for Twice-NAT

2008-09-11 Thread Peter N. M. Hansteen
Stefan Sczekalla [EMAIL PROTECTED] writes: I have a Problem with DNS while connecting two overlapping private networks. Now I'm looking for a DNS Server which will remap certain IP-addresses according to a translation table or rule. Overlapping address ranges tend to produce their own sets

Re: nat - DNS-ALG ... Translating DNS for Twice-NAT

2008-09-11 Thread Laurent CARON
Stefan Sczekalla wrote: Hi Laurent, The problem I'd like to solve is: hiding a network by NAT while keeping it accessible via DNS without translating every NATted IP manually on a local DNS server. Maybe I'm completely stupid but I *really* don't see the goal of this. - You've got a private

Re: Little update to authpf

2008-09-11 Thread Hannah Schroeter
Hi! On Thu, Sep 11, 2008 at 03:28:07PM +0200, Henning Brauer wrote: * Hannah Schroeter [EMAIL PROTECTED] [2008-09-11 15:20]: On Thu, Sep 11, 2008 at 07:52:14AM -0500, Todd T. Fries wrote: I think you might want to check to see if the file exists not just if the asprintf succeeds.. But yes I

Re: rtw0 is playing games with me (again)

2008-09-11 Thread Etienne Robillard
On Thu, 11 Sep 2008 05:54:18 +0100 Tomas Bodzar [EMAIL PROTECTED] wrote: Hi, Just my view as a beginner with this system (or BFU :-)). Using -current or following -stable is easy. I was trying to follow -current, but found that using snapshots is so easy and that following -current is

Re: Patching a SSH 'Weakness'

2008-09-11 Thread STeve Andre'
On Thursday 11 September 2008 02:28:58 Damien Miller wrote: On Wed, 10 Sep 2008, STeve Andre' wrote: On Wednesday 10 September 2008 15:58:03 Kevin Neff wrote: Hi, Some secure protocols like SSH send encrypted keystrokes as they're typed. By doing timing analysis you can figure

Re: Little update to authpf

2008-09-11 Thread Henning Brauer
* Hannah Schroeter [EMAIL PROTECTED] [2008-09-11 15:56]: How about checking whether it's a regular file, too? to prevent symlinks? nah... stat follows symlinks, so that's no problem. However it'll prevent directories, pipes, sockets and devices. d'oh. of course. ignore me. -- Henning

Re: nat - DNS-ALG ... Translating DNS for Twice-NAT

2008-09-11 Thread Stefan Sczekalla
Hi Laurent, e.g.: you join two companies (let's name them A and B) using overlapping private address space. Let's assume A has a Fileserver.A at 192.168.2.1. Users on Company B like to access Fileserver.A using - but at B they have their Mailserver.B at 192.168.2.1. So the network from Company A

Re: nat - DNS-ALG ... Translating DNS for Twice-NAT

2008-09-11 Thread Laurent CARON
Stefan Sczekalla wrote: Hi Laurent, e.g.: you join two companies (let's name them A and B) using overlapping private address space. Let's assume A has a Fileserver.A at 192.168.2.1. Users on Company B like to access Fileserver.A using - but at B they have their Mailserver.B at 192.168.2.1.

Re: nat - DNS-ALG ... Translating DNS for Twice-NAT

2008-09-11 Thread Stefan Sczekalla
I will definitely take a look at it ... -Original Message- From: Laurent CARON [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2008 4:13 PM To: Stefan Sczekalla Cc: misc@openbsd.org Subject: Re: nat - DNS-ALG ... Translating DNS for Twice-NAT Stefan Sczekalla wrote: Hi Laurent,

Re: Little update to authpf

2008-09-11 Thread Rafal Bisingier
Hi, On Thu, 11 Sep 2008 07:52:14 -0500 Todd T. Fries [EMAIL PROTECTED] wrote: I think you might want to check to see if the file exists not just if the asprintf succeeds.. Yes, that's a really good idea... ;-) But yes I do agree this is useful functionality that I've tested quite

Re: forcing system disk to wd0

2008-09-11 Thread Joseph A Borg
my problem is that i have just purchased two hot-swap cages. One puts 2 laptop drives in a 3.5 bay that will be used to back up daily work on a roster of 5 disks, the other consists of 3 regular hard drives in the space of 2x5.25 bays and currently houses the system hd, the projects hd

3ware hardware raid support?

2008-09-11 Thread Harald Dunkel
Hi folks, Are the more recent 3ware raid controllers supported, e.g. the 3Ware 9650SE series? It's not mentioned on the compatibility list or in the current man page, but maybe (hopefully) it is out of date? Regards Harri

Re: Patching a SSH 'Weakness'

2008-09-11 Thread Giancarlo Razzolini
STeve Andre' escreveu: This is nearly complete bullshit. For any individual, learning their characteristics could give rise to being able to know a great deal about what they are doing, but hardly for the general case. I know people who type blindingly fast. I'm a mutant hunt 'n pecker,

Re: forcing system disk to wd0

2008-09-11 Thread Stuart Henderson
On 2008-09-11, Joseph A Borg [EMAIL PROTECTED] wrote: I just added a 4 port promise sata card and cannot figure a way of forcing the sata ports on the motherboard to take precedence over the sata pci card. You may get lucky by moving it to a different slot. Or you may not.

Re: Patching a SSH 'Weakness'

2008-09-11 Thread (private) HKS
Also, tab-completion won't work, top won't work, control characters won't work, vim won't work, etc etc... -HKS On Thu, Sep 11, 2008 at 4:00 AM, [EMAIL PROTECTED] wrote: Just off the top of my head (I have to check the SSH protocol yet): Why not encipher all accumulated keystrokes up to the

Re: forcing system disk to wd0

2008-09-11 Thread Joseph A Borg
but I'll have to change it every time I add or remove a hard disk which can be pretty frequent. if the total number of drives in the system is not the same from boot to boot, I have to tweak fstab. is it possible for a future update of OpenBSD to tweak fstab to take references to the boot

Re: altq on enc0?

2008-09-11 Thread Toni Mueller
Hi, On Thu, 11.09.2008 at 10:05:36 +0200, Markus Friedl [EMAIL PROTECTED] wrote: On Wed, Sep 10, 2008 at 10:11:05PM +0200, Toni Mueller wrote: I've just discovered that this is unsupported. How difficult would it be to add support for this? why not just tag the packet on enc0 and altq
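
Markus's suggestion, written out as a pf.conf fragment. This is an added illustration, not configuration from the thread; the interface name em0, the cbq bandwidths and the queue names are assumptions.

```pf
# altq is attached to the physical interface the ESP packets leave on,
# not to enc0 (which is where the unsupported attempt was made)
altq on em0 cbq bandwidth 10Mb queue { std, ipsec }
queue std   bandwidth 70% cbq(default)
queue ipsec bandwidth 30%

# tag the cleartext packet as it passes enc0 ...
pass out on enc0 tag IPSEC

# ... and pick the tag up again on the real interface, after ESP
# encapsulation, to steer it into the queue
pass out on em0 proto esp tagged IPSEC queue ipsec
```

Check that the tag survives encapsulation on your release by watching the queue counters with pfctl -s queue -v while traffic flows over the tunnel; if the ipsec queue stays at zero, the tag is not reaching the outer packet. With NAT-T the outer packets are UDP/4500 rather than ESP, so the second rule needs proto udp and that port instead.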

Re: nat - DNS-ALG ... Translating DNS for Twice-NAT

2008-09-11 Thread Michiel van Baak
On 16:13, Thu 11 Sep 08, Laurent CARON wrote: Stefan Sczekalla wrote: Hi Laurent, e.g.: you join two companies (let's name them A and B) using overlapping private address space. Let's assume A has a Fileserver.A at 192.168.2.1. Users on Company B like to access Fileserver.A using -
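
The DNS-ALG piece Stefan is looking for, reduced to its core: a rewriter that applies the NAT table to the A records in a DNS response before the answer reaches the other site, so Company B resolves Fileserver.A to the translated address rather than to 192.168.2.1, which at B is Mailserver.B. This is an added example, not code from the thread or from any OpenBSD component. The table (A's real 192.168.2.0/24 shown to B as 10.64.2.0/24) is a made-up choice; in a deployment it mirrors the binat/nat rules on the gateway. Messages are built and parsed by hand so the example runs offline.

```python
"""Rewrite IPv4 A records in a DNS response through a NAT translation table."""
import ipaddress
import struct

# real prefix on site A -> alias prefix that site B uses to reach it (constructed)
NAT_TABLE = {
    ipaddress.ip_network("192.168.2.0/24"): ipaddress.ip_network("10.64.2.0/24"),
}


def translate_ipv4(addr, table=NAT_TABLE):
    """Map addr through the table keeping the host part; unchanged if no
    prefix matches (an answer may legitimately point somewhere else)."""
    ip = ipaddress.IPv4Address(addr)
    for real, alias in table.items():
        if ip in real:
            return str(alias.network_address + (int(ip) - int(real.network_address)))
    return addr


def _skip_name(msg, off):
    """Offset just past the domain name at off; handles compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:   # 2-byte pointer terminates the name
            return off + 2
        off += 1 + length


def _a_records(msg):
    """Yield (rdata_offset, address) for every IN A record in any section."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            yield off, str(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen


def rewrite_a_records(msg, table=NAT_TABLE):
    """Copy of msg with every A record passed through the table. Lengths
    never change, so names, compression pointers and rdlength stay valid."""
    out = bytearray(msg)
    for off, addr in _a_records(msg):
        out[off:off + 4] = ipaddress.IPv4Address(translate_ipv4(addr, table)).packed
    return bytes(out)


def answer_addresses(msg):
    """The A record addresses in msg, in wire order."""
    return [addr for _, addr in _a_records(msg)]


def _encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"


def build_response(qname, answers, txid=0x1234):
    """Constructed sample response: one question and one A record per address,
    owner names compressed to the question name (pointer 0xC00C)."""
    header = struct.pack("!6H", txid, 0x8180, 1, len(answers), 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)
    rrs = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address(a).packed
        for a in answers)
    return header + question + rrs


if __name__ == "__main__":
    resp = build_response("fileserver.a.example", ["192.168.2.1", "172.16.0.9"])
    print(answer_addresses(resp), "->", answer_addresses(rewrite_a_records(resp)))
```

To be useful this has to sit in B's resolver path (B's DNS server forwards queries for A's zones through it), needs the mirror-image PTR rewrite for the reverse zone, and must not touch DNSSEC-signed data, which it would invalidate. It also only helps protocols whose addresses live in DNS answers; anything that carries addresses in its own payload needs its own ALG, which is the usual reason overlapping private ranges are painful, as Peter notes.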

Re: Patching a SSH 'Weakness'

2008-09-11 Thread Ryan Corder
On Thu, Sep 11, 2008 at 11:49:39AM -0400, (private) HKS wrote: | Also, tab-completion won't work, top won't work, control characters | won't work, vim won't work, etc etc... I'm glad someone brought up this point.
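
Since batching up to the Enter key breaks every program that reacts per keystroke, as HKS and Ryan point out, the other way to hide inter-keystroke timing is to keep per-keystroke delivery but decouple packet timing from key timing: queue keystrokes, release them on a fixed clock, and send chaff on ticks with nothing to send. The simulation below is an added example, not code from the thread or from OpenSSH; the 20 ms tick, the idle cut-off and the typed timeline are assumptions for illustration.

```python
"""Fixed-clock keystroke shaper: what a sniffer sees before and after."""

# Constructed keystroke timeline (key, seconds since start). The uneven gaps
# stand in for the digraph-dependent timing an eavesdropper measures.
TYPED = [("p", 0.00), ("a", 0.09), ("s", 0.21), ("s", 0.37),
         ("w", 0.42), ("o", 0.60), ("r", 0.64), ("d", 0.83)]


def intervals(times):
    """Gaps between consecutive timestamps: the observable a sniffer gets."""
    return [round(b - a, 6) for a, b in zip(times, times[1:])]


def shape(keystrokes, tick=0.020, idle_ticks=5):
    """Return (sent_at, keys) packets. One packet leaves every tick carrying
    whatever was typed since the previous tick; a tick with nothing queued
    still emits an empty chaff packet. Shaping stops after idle_ticks empty
    ticks so an idle session does not burn bandwidth forever, which is also
    the moment an observer learns that typing has stopped."""
    pending = sorted(keystrokes, key=lambda ks: ks[1])
    packets, i, n, quiet = [], 0, 0, 0
    while i < len(pending) or quiet < idle_ticks:
        now = n * tick                     # integer multiple, no drift
        keys = []
        while i < len(pending) and pending[i][1] <= now:
            keys.append(pending[i][0])
            i += 1
        packets.append((round(now, 6), keys))
        quiet = 0 if keys else quiet + 1
        n += 1
    return packets


def worst_delay(keystrokes, packets):
    """Largest queueing delay any keystroke suffered (bounded by one tick)."""
    remaining = sorted(keystrokes, key=lambda ks: ks[1])
    worst = 0.0
    for sent_at, keys in packets:
        for _ in keys:
            _key, pressed_at = remaining.pop(0)
            worst = max(worst, sent_at - pressed_at)
    return worst


def chaff_fraction(packets):
    """Share of packets that carried no keystroke (the bandwidth cost)."""
    return sum(1 for _, keys in packets if not keys) / len(packets)


if __name__ == "__main__":
    print("raw   :", intervals([t for _, t in TYPED]))
    pkts = shape(TYPED)
    print("shaped:", sorted(set(intervals([t for t, _ in pkts]))))
    print("delay <= %.3fs, chaff %.0f%%" % (worst_delay(TYPED, pkts),
                                            100 * chaff_fraction(pkts)))
```

The trade is one tick of added latency and a constant stream of chaff while typing; the chaff packets must also be the same size on the wire as a one-keystroke packet, which the simulation abstracts away but a real implementation has to guarantee. Interactive programs keep working because every keystroke still arrives on its own, just on the clock. OpenSSH 9.5 (2023) later shipped a mechanism along these lines, ObscureKeystrokeTiming, with a 20 ms default interval and chaff for a while after the last real keystroke.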

Re: forcing system disk to wd0

2008-09-11 Thread Philip Guenther
On Thu, Sep 11, 2008 at 5:52 AM, Joseph A Borg [EMAIL PROTECTED] wrote: but I'll have to change it every time I add or remove a hard disk which can be pretty frequent. Ah, so there's the rest of the problem description. (You didn't initially say why the assignments were an issue, so the assumption

Re: forcing system disk to wd0

2008-09-11 Thread Tom Rosso
I'm mildly interested in this issue. I had a system a while back where my root fs drive was plugged into the mobo's sata port, but I had a PCI sata card with a bunch of other drives on it. I only ran Linux on it (hate to muddy the waters by bring up Linux). Sometimes the root drive would be

OpenBSD runs on VIA Eden ESP4000

2008-09-11 Thread Ling Xiaoheng
Hey, I got a CPU VIA Eden ESP 4000 400MHz. I searched for it in Google and found some problem with it (http://www.google.com/custom?hl=zh-CN&cof=L:http://www.NetBSD.org/images/NetBSD-smaller.png%3BLH:200%3BLW:200%3B&domains=NetBSD.org&sitesearch=NetBSD.org&q=Eden+ESP&start=0&sa=N). I check the FAQ about

Re: forcing system disk to wd0

2008-09-11 Thread Joseph A Borg
hi marco no problemo, and thanks for the prompt replies. I'm just projecting possibilities, trying to make it work for me. yet I'd like to avoid looking for info that doesn't exist, which ironically takes the longest to look for. On Sep 11, 2008, at 19:19, Marco Peereboom wrote: Why would you

Confused about bridge/gif/trunk failover

2008-09-11 Thread bbee
Hi, I have a laptop that is connected via wifi to an OBSD router. The router has separate subnets for the wired and wireless interfaces (ie, they are not bridged). I'd like to give the laptop an IP from the wired LAN, the goal being to eventually get failover to work with trunk(4). As per

Re: Confused about bridge/gif/trunk failover

2008-09-11 Thread Giancarlo Razzolini
bbee escreveu: Hi, I have a laptop that is connected via wifi to an OBSD router. The router has separate subnets for the wired and wireless interfaces (ie, they are not bridged). I'd like to give the laptop an IP from the wired LAN, the goal being to eventually get failover to work with

Re: Confused about bridge/gif/trunk failover

2008-09-11 Thread bbee
On Thu, 11 Sep 2008, Giancarlo Razzolini wrote: bbee escreveu: As per the IPSEC BRIDGE section in brconfig(8) I've set up host-to-host ipsec and a gif tunnel between the router and the laptop. Then on the router, I bridge the wired interface and the gif tunnel. tcpdump shows me the laptop is

Workaround/Solution for i386/5873: No sound on Eee PC 900 with OpenBSD 4.4-beta

2008-09-11 Thread Dawe
Hi, I had the same problem with my eee pc 900 as stated in i386/5873: azalia(4) seemed to work, but the speakers didn't produce any output. Running a snapshot from last week, I played again with some mixerctl settings and found the following setting to make the speakers work: mixerctl

Re: Confused about bridge/gif/trunk failover

2008-09-11 Thread Giancarlo Razzolini
bbee escreveu: On Thu, 11 Sep 2008, Giancarlo Razzolini wrote: Yes, as per the last example in trunk(4). If I unplug the LAN cable from my laptop, I want the connections to survive by failover to the wireless connection. The trunk(4) example doesn't describe the router's end of the

p0f missing OS X 10.5 and 10.4

2008-09-11 Thread Lars Noodén
p0f seems to not be able to identify OS X, leaving it as 'unknown' For example for OS X Intel 10.5: UNKNOWN [65535:43:1:64:M1460,N,W3,N,N,T,S,E:P:?:?] (up: 2532 hrs) OS X Intel 10.5 and 10.4 and PPC 10.4, among others, need to be identified in /etc/pf.os Are they too similar to FreeBSD to have

Re: ntpd can hang on boot

2008-09-11 Thread Aaron Stellman
On Thu, Sep 11, 2008 at 12:21:29PM +0200, Henning Brauer wrote: * Henning Brauer [EMAIL PROTECTED] [2008-09-10 10:39]: ntpd -s will time out eventually, but the 'eventually' might be painfully far away. it's the dns routines that block and cause these problems. i know how to fix this but

Re: forcing system disk to wd0

2008-09-11 Thread Joseph A Borg
the kernel is absolutely something i wouldn't touch, unless it's a well documented and easy to follow tweak but thanks for all the detailed info. On Sep 11, 2008, at 19:01, Philip Guenther wrote: On Thu, Sep 11, 2008 at 5:52 AM, Joseph A Borg [EMAIL PROTECTED] wrote: but i'll have to change

X on a headless box?

2008-09-11 Thread Luke Tidd
Is there a virtual frame buffer that can work with OpenBSD? -- Luke Tidd LTCS 2131 Bolton Rd. NW Atlanta, GA 30318 678-294-2604

Re: X on a headless box?

2008-09-11 Thread Ted Unangst
xvnc On Thu, Sep 11, 2008 at 6:30 PM, Luke Tidd [EMAIL PROTECTED] wrote: Is there a virtual frame buffer that can work with OpenBSD? -- Luke Tidd LTCS 2131 Bolton Rd. NW Atlanta, GA 30318 678-294-2604

Re: Confused about bridge/gif/trunk failover

2008-09-11 Thread bbee
On Thu, 11 Sep 2008, Johan Torin wrote: On Thursday 11 September 2008, bbee wrote: tcpdump shows me the laptop is receiving etherip packets from the router, but of course since it isn't a bridge itself it doesn't know what to do with them. How do I get the laptop to process these packets? What

Re: altq on inbound traffic

2008-09-11 Thread Anthony Roberts
[EMAIL PROTECTED] :-) Bah. It's still relevant. :) for simple cases yes, but you missed quoting this bit: For example, if there is more than one internal network, one can't create a single altq instance that covers them all. You can divide bandwidth between them, but you can't borrow

Story Behind 4.4 T-Shirt?

2008-09-11 Thread Brian
I'm just curious what the story is behind the new t-shirt coming out. I thought Sun was becoming more open. Thanks, Brian