Maximo Pech schrieb:
would you not be better to use ALTQ to limit the bandwidth available
to each user? then if they share their password their only sharing
their own use?
Users are not in my local network. They will connect from the internet and
they have dynamic IPs so I guess that
Hi,
On Thu, 25.09.2008 at 13:54:53 +0200, ng-sup01 [EMAIL PROTECTED] wrote:
The machine, once power-cycled, rebooted without a hitch, not even
complaining about disk corruption or anything.
this doesn't have to mean much.
I recently wanted to install OpenBSD on a machine which also claimed to
On Tue, 30.09.2008 at 14:54:25 -0400, bofh [EMAIL PROTECTED] wrote:
Unfortunately no. But I think one of the ports maintainers was
looking at it for 4.4.
*LOL*
There are some semi-finished ports floating around in the archives.
You might want to make a stab at it, too.
Kind regards,
Hi,
On Tue, 30.09.2008 at 22:23:21 -0600, Dale Carstensen [EMAIL PROTECTED] wrote:
I did trace and ps in ddb, but another crash before savecore could
capture the result of boot dump lost the crash dump, and the
results of those commands.
recommended procedure (if you can do this): Get a
On 2008-09-29, Carl Horne [EMAIL PROTECTED] wrote:
I build this from source because I needed USE_SOCKETS enabled.
What does USE_SOCKETS do for you? Perhaps there's another way to
do things that would let you use OpenBSD's dhcpd. (In -current and
4.4 we now support DHCP failover too, by the way).
On 2008-10-01, Nick Guenther [EMAIL PROTECTED] wrote:
If you are looking for package descriptions, install the ports tree
and read the Makefiles.
For 4.4/-current, landry@ has written a curses-based package browser,
pkg_mgr. It's in the ports tree and of course a package is available,
pkg_add
Hi,
int main()
{
int i;
short int *screen = (short int *) 0xB8000;
char msg[]=Hello World;
for(i=0; msg[i] != '\0'; *(screen++) = 0x1F00 | msg[i], ++i);
for(;;);
return 0;
}
When i compiled i got a very big main.bin file more then 960MByte, so i
tried to change the char vector with
Hi there,
is there any weight to this new story on slashdot
http://it.slashdot.org/it/08/10/01/0127245.shtml
about a new attacker possible to break any tcp stack? Sounds rather
shady, so here I am, perhaps you guys have your ears closer to the ground
Regards
Maximo Pech escreveu:
I mean, I don't know if there's another way to do it without having to login
in the ssh server.
What about a VPN? You can filter on vpn ip's.
--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
On Wed, 2008-10-01 at 14:52 +0200, Leon Dippenaar wrote:
Hi there,
is there any weight to this new story on slashdot
http://it.slashdot.org/it/08/10/01/0127245.shtml
about a new attacker possible to break any tcp stack? Sounds rather
shady, so here I am, perhaps you guys have your ears
* (private) HKS [EMAIL PROTECTED] [2008-09-30 22:34]:
Thanks, I overlooked that a default queue was required. With that in
mind, then, does this section of pf.conf(5) imply that the queue
directive is sticky?
pf.conf doesn't say it would be sticky anywhere, and, surprise, it
isn't.
--
On Wed, Oct 01, 2008 at 03:31:00PM +0200, Stephan A. Rickauer wrote:
On Wed, 2008-10-01 at 14:52 +0200, Leon Dippenaar wrote:
Hi there,
is there any weight to this new story on slashdot
http://it.slashdot.org/it/08/10/01/0127245.shtml
about a new attacker possible to break any tcp
On Wed, 01 Oct 2008 14:52:29 +0200
Leon Dippenaar [EMAIL PROTECTED] wrote:
Hi there,
is there any weight to this new story on slashdot
http://it.slashdot.org/it/08/10/01/0127245.shtml
about a new attacker possible to break any tcp stack? Sounds rather
shady, so here I am, perhaps you
On Wed, 1 Oct 2008 15:58:22 +0200
Claudio Jeker [EMAIL PROTECTED] wrote:
On Wed, Oct 01, 2008 at 03:31:00PM +0200, Stephan A. Rickauer wrote:
On Wed, 2008-10-01 at 14:52 +0200, Leon Dippenaar wrote:
Hi there,
is there any weight to this new story on slashdot
Duncan Patton a Campbell wrote:
It seems to me the problem is with SYN cookies.
SYN cookies are only mentioned to boast about their high-performance tcp
flooder. Problem is that some systems 'became overly responsive', and
this is clearly an implementation issue.
We noticed that certain
On Wed, Oct 01, 2008 at 03:58:22PM +0200, Claudio Jeker wrote:
| On Wed, Oct 01, 2008 at 03:31:00PM +0200, Stephan A. Rickauer wrote:
| On Wed, 2008-10-01 at 14:52 +0200, Leon Dippenaar wrote:
| Hi there,
|
| is there any weight to this new story on slashdot
|
On Wed, Oct 1, 2008 at 4:22 PM, Duncan Patton a Campbell
[EMAIL PROTECTED] wrote:
It seems to me the problem is with SYN cookies.
When I read the pseudo article, I had the impression that the server
does not have to implement SYN cookies. Their sockstress program uses
(client) SYN cookies to
On Wed, 01 Oct 2008 12:24:16 -0300
Fernando Gont [EMAIL PROTECTED] wrote:
At 11:13 a.m. 01/10/2008, Duncan Patton a Campbell wrote:
Sockstress computes and stores so-called client-side SYN cookies and
enables Lee and Louis to specify a destination port and IP address.
The method allows
Most application protocols running on TCP are quite vulnerable to DoS,
but nobody has seemed to care so far...
Hi Folks,
Looking for a bit of insight from you guys in the know.
I've deployed a 4.3 box as a pen test / scanning tool for our network. One of
the toys I've put on is HPING from the packages collection.
Ok so here's the problem if I do a 'hping -c 1 -i u100 -1 xx.xx.xx.xx' I
generate a
At 11:47 a.m. 01/10/2008, Dries Schellekens wrote:
It seems to me the problem is with SYN cookies.
When I read the pseudo article, I had the impression that the server
does not have to implement SYN cookies. Their sockstress program uses
(client) SYN cookies to estabilish a lot of TCP
At 12:41 p.m. 01/10/2008, Duncan Patton a Campbell wrote:
This is simply the naphta attack. They don't really need to use syn
cookies. They could simply ACK any SYN/ACK they receive, and that's it.
The impression I got is that they collect enough SYN cookies from
the server to crack the
Ok so here's the problem if I do a 'hping -c 1 -i u100 -1 xx.xx.xx.xx' I
generate a rather unimpressive 50pps. Issuing the same command on a gentoo box
(sorry) I get 9000+ pps.
time sudo ping -f ping
PING ping.oat.com (198.5.5.10): 56 data bytes
--- ping.oat.com ping statistics ---
12180
At 11:13 a.m. 01/10/2008, Duncan Patton a Campbell wrote:
Sockstress computes and stores so-called client-side SYN cookies and
enables Lee and Louis to specify a destination port and IP address.
The method allows them to complete the TCP handshake without having
to store any values, which
Fernando Gont wrote:
According to a podcast I listened to, this is not what they try to do.
And even then, brute force attacks against SYN cookies have already
been discussed in the past. (although I agree that it usually requires
hard googling to spot the right documentation)
Kind regards,
At 01:56 p.m. 01/10/2008, Peter J. Philipp wrote:
I listened to the podcast and got the idea that the socket is in
ESTABLISHED state (so after 3 way handshake) and they
mention that a packets PCB resources have timers, and that is what
they exploit.
That was just an example of the type of
Fernando Gont wrote:
At 01:56 p.m. 01/10/2008, Peter J. Philipp wrote:
I listened to the podcast and got the idea that the socket is in
ESTABLISHED state (so after 3 way handshake) and they
mention that a packets PCB resources have timers, and that is what
they exploit.
That was just an
Hi Geoff,
Thanks for the reply, no I don't think it's the box, DMESG below.
Ok some test output where the IP pinged is the far end of a /30 subnet
on a dedicated 1G line rate router port of a 7609 cisco, sup 720 etc..
If I do a flood PING
# time ping -c 1000 -f 80.65.xxx.xxx
PING
Hi list.
I've been offered a Blade 2000 with an XVR-1000 graphics card, and was
hoping to run 4.4-current on it. Ideally would like to use it with X, but
can't seem to find any definitive information about whether this graphics
card works with xenocara.
Anyone have any experience with it? Does
On 2008/10/1, Stuart Henderson [EMAIL PROTECTED] wrote:
On 2008-10-01, Nick Guenther [EMAIL PROTECTED] wrote:
If you are looking for package descriptions, install the ports tree
and read the Makefiles.
A lynx dump of http://www.openbsd.org/4.3_packages/i386.html
seems more handy.
For
On Oct 1, 2008, at 11:11 AM, Peter J. Philipp wrote:
Fernando Gont wrote:
If the discoverers of this bug don't make their sockstress
available to OpenBSD then I have a userland TCP/IP stack for
OpenBSD developers (mail me), but it's only written to be a server,
but I suspect it would be
Hello,
Yesterday I managed to get my hands on the system which halted
twice with a uvm_fault (see original post).
Rebooted in single-user and, as suggested, ran fsck on / first,
then on /usr and /var.
Turned out clean.
If all goes well, I should have a replacement firewall today, so
I
32 matches
Mail list logo
