Re: strange (?) ssh user

2009-08-21 Thread Paul de Weerd
Hi Uwe,

On Fri, Aug 21, 2009 at 01:54:06PM +0800, Uwe Dippel wrote:
 Ryan Flannery wrote:
 On Fri, Aug 21, 2009 at 1:19 AM, Uwe Dippel udip...@uniten.edu.my wrote:
   
 Recently, I noticed an ssh user on one of my machines, who never logged on,
 is not visible with 'last', seems to have no terminal active, and is back
 immediately after a reboot.
 Hmm.
 root 13415  0.0  0.9  3280  2420 ??  Ss  12:04PM  0:00.08 sshd: isuser
 isuser   702  0.0  0.7  3280  1824 ??  S   12:04PM  0:00.00 sshd: isuser
 Whatever I do with finger, w, last, no trace of any activity; not even a
 login.
 

 Just to be clear here, do you see anything in /var/log/authlog?
   

 Yes. Like
 Accepted password for isuser from XXX.XX.XX.XX port 61802 ssh2

And this XXX.XX.XX.XX is the address of a machine you know ? The user
is a well known user to you, some system account perhaps ?

 To be clear, the user exists, and logged on the last time three days ago  
 as far as 'last' is concerned.

This does not really match up with your previous statements of who
never logged on, is not visible with 'last'.

What is this user doing ? Any other processes running under his uid ?
If he's back immediately after a reboot, it sounds like an automated
log in (using password auth; that may be interesting).

What exactly do you want to know here ? How to log in without showing
up in finger/w/last/etc ? Try `while :; do ssh ${HOST} read A; done`,
it does exactly what you describe.

Are you sure that account is not compromised and your machine is not
sending out lots of e-mail ?

Cheers,

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 



Re: strange (?) ssh user

2009-08-21 Thread Edd Barrett
Hi,

On Fri, Aug 21, 2009 at 6:54 AM, Uwe Dippel udip...@uniten.edu.my wrote:
 Yes. Like
 Accepted password for isuser from XXX.XX.XX.XX port 61802 ssh2

 To be clear, the user exists, and logged on the last time three days ago as
 far as 'last' is concerned.

This sounds very fishy. I would start backing up if I were you.

You said first that last says the user had not logged on, but now that
it has 3 days ago? Is the user covering up his/her traces or was that
a typo?

See what the user is doing and what is in his/her home directory. Try
to find information about the machine which it is coming from.

Change the root password and re-mount important partitions read-only
until you find what this is all about?

Good luck. And report back what it was. I would be interested to know.

-- 
Best Regards

Edd Barrett
(Freelance software developer / technical writer / open-source developer)

http://students.dec.bournemouth.ac.uk/ebarrett



Re: strange (?) ssh user

2009-08-21 Thread Iñigo Ortiz de Urbina
On Fri, Aug 21, 2009 at 7:19 AM, Uwe Dippel udip...@uniten.edu.my wrote:

 Recently, I noticed an ssh user on one of my machines, who never logged on,
 is not visible with 'last', seems to have no terminal active, and is back
 immediately after a reboot.
 Hmm.
 root 13415  0.0  0.9  3280  2420 ??  Ss  12:04PM  0:00.08 sshd: isuser
 isuser   702  0.0  0.7  3280  1824 ??  S   12:04PM  0:00.00 sshd: isuser
 Whatever I do with finger, w, last, no trace of any activity; not even a
 login.
 I tried to kill the processes, and they are gone, but the next second
 another pair is up.

 Could anyone help me to explain what is going on here?

 Uwe


As it's not clear to me if isuser is a user you trust, created or needed for
your services, I would say your machine might have been compromised. What
kind of traffic is isuser generating? Is it just a reverse ssh shell? Can
you shutdown his account or set his/her/its shell to nologin(8)?

Next install you might consider following the advice of mtree(8) as the
output of previous and current `mtree -cK sha1digest` would be really
useful here.



Re: strange (?) ssh user

2009-08-21 Thread Uwe Dippel

Paul de Weerd wrote:

> Hi Uwe,
>
>> Yes. Like
>> Accepted password for isuser from XXX.XX.XX.XX port 61802 ssh2
>
> And this XXX.XX.XX.XX is the address of a machine you know ?

Yes

> The user
> is a well known user to you,

Yes

> some system account perhaps ?

No

>> To be clear, the user exists, and logged on the last time three days ago
>> as far as 'last' is concerned.
>
> This does not really match up with your previous statements of who
> never logged on, is not visible with 'last'.

Sorry, my shoddy way of saying things. 'Never' meant 'never while there
were processes running under his user-ID in the last hours'

So his last 'last' is 3 days old.

> What is this user doing ? Any other processes running under his uid ?

No, only the root- and user-id of ssh.

> If he's back immediately after a reboot, it sounds like an automated
> log in (using password auth; that may be interesting).
>
> What exactly do you want to know here ? How to log in without showing
> up in finger/w/last/etc ? Try `while :; do ssh ${HOST} read A; done`,
> it does exactly what you describe.
>
> Are you sure that account is not compromised and your machine is not
> sending out lots of e-mail ?

Hmm. How would I know? The daily security report gives out a reasonable
number of mails, top looks okay to me, low as usual.

> Cheers,

Thanks,

Uwe



Re: strange (?) ssh user

2009-08-21 Thread Uwe Dippel

Edd Barrett wrote:

> Hi,
>
> On Fri, Aug 21, 2009 at 6:54 AM, Uwe Dippel udip...@uniten.edu.my wrote:
>
>> Yes. Like
>> Accepted password for isuser from XXX.XX.XX.XX port 61802 ssh2
>>
>> To be clear, the user exists, and logged on the last time three days ago as
>> far as 'last' is concerned.
>
> This sounds very fishy. I would start backing up if I were you.

Did this.

> You said first that last says the user had not logged on, but now that
> it has 3 days ago? Is the user covering up his/her traces or was that
> a typo?

(See my other mail, my ambiguity: Last record in 'last' of 3 days ago.)

> See what the user is doing and what is in his/her home directory.

Nothing except of ssh - Nothing much. The usual few files. Nothing in
hidden files.

> Try
> to find information about the machine which it is coming from.

It is an inside (LAN) machine, standard workstation/desktop

> I would be interested to know.

Me too!  ;)

Uwe



Re: strange (?) ssh user

2009-08-21 Thread Uwe Dippel

Iñigo Ortiz de Urbina wrote:

> As it's not clear to me if isuser is a user you trust, created or
> needed for your services,

'Trusted', created by myself, needs a local account.

> I would say your machine might have been compromised. What kind of
> traffic is isuser generating?

Difficult to find out if I assume I could not trust my box any longer.

> Is it just a reverse ssh shell?

Could very well be.
Would this not show in 'last' or 'w'?
Interesting to me, that no pseudo-terminal is associated with the
activities (ssh), contrary to a usual local logon.

> Can you shutdown his account or set his/her/its shell to nologin(8)?

I'll try this next when I see her activities: nologin.

> Next install you might consider following the advice of mtree(8) as
> the output of previous and current `mtree -cK sha1digest` would be
> really useful here.

I'll have to study this first.

Thanks!



Re: strange (?) ssh user

2009-08-21 Thread Paul de Weerd
On Fri, Aug 21, 2009 at 06:00:10PM +0800, Uwe Dippel wrote:
 Paul de Weerd wrote:
 Hi Uwe,

   

 Yes. Like
 Accepted password for isuser from XXX.XX.XX.XX port 61802 ssh2
 

 And this XXX.XX.XX.XX is the address of a machine you know ?

 Yes

Is it under your control ? Can you see what is going on on that
machine, who or what is connecting to your box as 'isuser' ?

  The user
 is a well known user to you,

 Yes

Have you talked to the user to ask him what he's doing ?

  some system account perhaps ?
   

 No

Some scripted backup maybe ? Or someone using your machine for
outgoing connections (eg TCP forwarding over SSH) ?

   
 To be clear, the user exists, and logged on the last time three days 
 ago  as far as 'last' is concerned.
 

 This does not really match up with your previous statements of who
 never logged on, is not visible with 'last'.
   

 Sorry, my shoddy way of saying things. 'Never' meant 'never while there  
 were processes running under his user-ID in the last hours'
 So his last 'last' is 3 days old.

Right, well .. this is easily synthesized with a `ssh ${HOST} sleep
86400` or something similar in a while true-loop. You're only logged
in if you get a tty assigned. Do you see a lot of entries for this
user in authlog (repeated sessions) or just a few (long lived
sessions) ?

 What is this user doing ? Any other processes running under his uid ?
   

 No, only the root- and user-id of ssh.

Sounds more and more like TCP forwarding then.

 If he's back immediately after a reboot, it sounds like an automated
 log in (using password auth; that may be interesting).

 What exactly do you want to know here ? How to log in without showing
 up in finger/w/last/etc ? Try `while :; do ssh ${HOST} read A; done`,
 it does exactly what you describe.

 Are you sure that account is not compromised and your machine is not
 sending out lots of e-mail ?
   

 Hmm. How would I know? The daily security report gives out a reasonable  
 number of mails, top looks okay to me, low as usual.

tcpdump(8) will tell you a lot, I suppose ;) I guess the best way to
make sure the account is not compromised is talking to your user and
asking him if he can explain what is going on. Again, my current guess
is TCP forwarding, but it could be a lot of other things too. Ask your
user and see if he knows about this. If he doesn't, close the account
and do some research to see if anything bad happened (check logs etc).

Cheers,

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 



Re: strange (?) ssh user

2009-08-21 Thread Uwe Dippel

Paul de Weerd wrote:

> tcpdump(8) will tell you a lot, I suppose ;) I guess the best way to
> make sure the account is not compromised is talking to your user and
> asking him if he can explain what is going on. Again, my current guess
> is TCP forwarding, but it could be a lot of other things too. Ask your
> user and see if he knows about this.

I can't as of now (weekend).

But I can see it reoccurring, kind of:
Aug 21 18:31:25 mybox sshd[31888]: Accepted password for isuser from XXX.XX.XX.XX port 57519 ssh2

in authlog, reflected pretty well by
isuser  ttyp0  172.16.0.35  Fri Aug 21 18:31 - 18:31  (00:00)
in 'last'; though still busy sending stuff forth and back:
isuser 16994  0.0  0.8  3176  1992 ??  S  6:31PM  0:00.13 sshd: isuser

There are a bunch of logons of that user, of 00:00 logon duration during
the last weeks. The only thing running from this user at this moment is
the ssh.
That would mean, one can log on, spawn a process, log off, and the
process keeps running?
Then everything could be 'fine', and the system not compromised, only
exploited to run some ssh-tunnel or so.

Though this behaviour of the system would be unexpected by myself.

Uwe



Use memory as disk

2009-08-21 Thread obvvbooo obvvbooo
Hi,

Is there a way to use memory as a disk/partition? Such as mount it to
/mnt/mem or such things. I can't find information on this in the man pages,
and after googling, I found rd for OpenBSD, which seems similar to md
in FreeBSD. But still not useful. Anybody help?

Thanks



Re: strange (?) ssh user

2009-08-21 Thread Paul de Weerd
On Fri, Aug 21, 2009 at 07:51:57PM +0800, Uwe Dippel wrote:
 Paul de Weerd wrote:


 tcpdump(8) will tell you a lot, I suppose ;) I guess the best way to
 make sure the account is not compromised is talking to your user and
 asking him if he can explain what is going on. Again, my current guess
 is TCP forwarding, but it could be a lot of other things too. Ask your
 user and see if he knows about this.

 I can't as of now (weekend).

 But I can see it reoccurring, kind of:
 Aug 21 18:31:25 mybox sshd[31888]: Accepted password for isuser from  
 XXX.XX.XX.XX port 57519 ssh2
 in authlog, reflected pretty well by
 isuser  ttyp0  172.16.0.35  Fri Aug 21 18:31 - 18:31  (00:00)
 in 'last'; though still busy sending stuff forth and back:
 isuser 16994  0.0  0.8  3176  1992 ??  S  6:31PM  0:00.13 sshd: isuser

 There are a bunch of logons of that user, of 00:00 logon duration during  
 the last weeks. The only thing running from this user at this moment is  
 the ssh.
 That would mean, one can log on, spawn a process, log off, and the  
 process keeps running?
 Then everything could be 'fine', and the system not compromised, only  
 exploited to run some ssh-tunnel or so.
 Though this behaviour of the system would be unexpected by myself.

You could check for the presence of forwarded TCP sessions with fstat,
an example looks like this :

weerd    sshd   29016   11* internet stream tcp 0x40009ab33d0 127.0.0.1:44410 -- 127.0.0.1:3128

If you open an ssh session to a remote machine with a forwarded port,
then open the forwarded port and once the connection over the
forwarded port has been established ^D the initial session, you'll get
the behaviour you just described. The established TCP session over the
forwarded connection keeps the SSH session alive but the user is shown
as logged out (and no processes show other than the sshd's you
mentioned).

Again .. talk to your user. I bet (s)he can explain this.

Cheers,

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 
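
The check described in the message above, correlating `sshd: user` processes that have no tty with the TCP sockets they hold, as an added example (not code from any poster in this thread). The `ps` and `fstat` text is constructed sample input in the layout quoted in the thread; treating local port 22 as the SSH transport and accepting `<--`, `-->` or `--` between the two addresses are assumptions.

```python
import re
from collections import namedtuple

Socket = namedtuple("Socket", "local remote")

# Constructed sample input (made-up users, PIDs and addresses), laid out like
# the ps(1) and fstat(1) lines quoted in the thread.
PS_SAMPLE = """\
USER       PID %CPU %MEM   VSZ   RSS TT  STAT STARTED       TIME COMMAND
root     13415  0.0  0.9  3280  2420 ??  Ss   12:04PM    0:00.08 sshd: isuser [priv]
isuser     702  0.0  0.7  3280  1824 ??  S    12:04PM    0:00.00 sshd: isuser
root      2210  0.0  0.9  3284  2432 ??  Ss   11:50AM    0:00.05 sshd: alice [priv]
alice     2214  0.0  0.7  3284  1840 ??  S    11:50AM    0:00.02 sshd: alice@ttyp1
alice     2215  0.0  0.3   620   480 p1  Ss   11:50AM    0:00.01 -ksh
root      3300  0.0  0.9  3280  2420 ??  Ss   11:58AM    0:00.04 sshd: bob [priv]
bob       3301  0.0  0.7  3280  1830 ??  S    11:58AM    0:00.01 sshd: bob@notty
"""

FSTAT_SAMPLE = """\
root     sshd    400    3* internet stream tcp 0xd5a10000 *:22
isuser   sshd    702    3* internet stream tcp 0xd5a1b2c0 192.0.2.10:22 <-- 172.16.0.50:61000
isuser   sshd    702    9* internet stream tcp 0xd5a1b9f4 192.0.2.10:30412 --> 10.1.1.5:3128
alice    sshd   2214    3* internet stream tcp 0xd5a1c000 192.0.2.10:22 <-- 172.16.0.77:50110
bob      sshd   3301    3* internet stream tcp 0xd5a1d000 192.0.2.10:22 <-- 172.16.0.80:40022
"""

# "sshd: user" or "sshd: user@tty"; the "[priv]" monitor title does not match.
TITLE_RE = re.compile(r"^sshd: (\S+?)(?:@(\S+))?$")

# user, "sshd", pid, fd, then a connected TCP socket: local ARROW remote.
FSTAT_RE = re.compile(
    r"^(\S+)\s+sshd\s+(\d+)\s+\d+\*?\s+internet6?\s+stream\s+tcp\s+\S+\s+"
    r"(\S+)\s+(?:<--|-->|--)\s+(\S+)$"
)


def ttyless_ssh_sessions(ps_text):
    """Return {pid: user} for per-user sshd processes with no terminal.

    These are the sessions that never show up in w/finger/last: the process
    is owned by the user, its title names the same user, and no tty follows
    the '@' (older sshd omits it, newer sshd writes 'notty').
    """
    sessions = {}
    for line in ps_text.splitlines():
        fields = line.split(None, 10)
        if len(fields) < 11 or not fields[1].isdigit():
            continue  # header or malformed line
        owner, pid, tty, command = fields[0], int(fields[1]), fields[6], fields[10]
        m = TITLE_RE.match(command.strip())
        if not m or m.group(1) != owner:
            continue  # not a user-owned sshd session process
        if tty == "??" and m.group(2) in (None, "notty"):
            sessions[pid] = owner
    return sessions


def forwarded_sockets(ps_text, fstat_text, ssh_port=22):
    """Map (user, pid) of each tty-less session to its non-transport sockets.

    Assumption: the socket whose local port equals ssh_port is the SSH
    connection itself; any other connected TCP socket held by that sshd
    process is a forwarded channel. An empty list means a tty-less session
    with nothing forwarded right now (for example a file transfer).
    """
    report = {(user, pid): [] for pid, user in ttyless_ssh_sessions(ps_text).items()}
    for line in fstat_text.splitlines():
        m = FSTAT_RE.match(line.strip())
        if not m:
            continue  # listening sockets and non-socket lines have no arrow
        key = (m.group(1), int(m.group(2)))
        local, remote = m.group(3), m.group(4)
        if key not in report:
            continue
        if local.rsplit(":", 1)[-1] == str(ssh_port):
            continue  # the SSH transport connection
        report[key].append(Socket(local, remote))
    return report


if __name__ == "__main__":
    for (user, pid), socks in sorted(forwarded_sockets(PS_SAMPLE, FSTAT_SAMPLE).items()):
        if socks:
            for s in socks:
                print(f"{user} (sshd pid {pid}): forwarded {s.local} -> {s.remote}")
        else:
            print(f"{user} (sshd pid {pid}): no tty, nothing forwarded")
```

On a live system the two inputs would come from `ps aux` and `fstat` run as root, so that other users' sockets are visible.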



Re: Use memory as disk

2009-08-21 Thread Thomas Jeunet
On Fri, Aug 21, 2009 at 2:03 PM, obvvbooo
obvvbbvvb...@googlemail.com wrote:
 Hi,

 Is there a way to use memory as a disk/partition? Such as mount it to
 /mnt/mem or such things. I can't find information of this in the man pages
 and after googled, I found rd for OpenBSD, which seems similar with md
 in FreeBSD. But still not useful. Anybody help?

 Thanks



I guess you're looking for mfs. See man mfs



Re: Use memory as disk

2009-08-21 Thread Edd Barrett
Hi,

On Fri, Aug 21, 2009 at 1:03 PM, obvvbooo
obvvbbvvb...@googlemail.com wrote:
 Hi,

 Is there a way to use memory as a disk/partition? Such as mount it to
 /mnt/mem or such things. I can't find information of this in the man pages
 and after googled, I found rd for OpenBSD, which seems similar with md
 in FreeBSD. But still not useful. Anybody help?

man rd?


-- 
Best Regards

Edd Barrett
(Freelance software developer / technical writer / open-source developer)

http://students.dec.bournemouth.ac.uk/ebarrett



Re: strange (?) ssh user

2009-08-21 Thread Robert C Wittig

Uwe Dippel wrote:

 I can't as of now (weekend).
 
 But I can see it reoccurring, kind of:
 Aug 21 18:31:25 mybox sshd[31888]: Accepted password for isuser from
 XXX.XX.XX.XX port 57519 ssh2
 in authlog, reflected pretty well by
 isuser  ttyp0  172.16.0.35  Fri Aug 21 18:31 - 18:31  (00:00)
 in 'last'; though still busy sending stuff forth and back:
 isuser 16994  0.0  0.8  3176  1992 ??  S  6:31PM  0:00.13 sshd: isuser
 
 There are a bunch of logons of that user, of 00:00 logon duration during
 the last weeks. The only thing running from this user at this moment is
 the ssh.
 That would mean, one can log on, spawn a process, log off, and the
 process keeps running?
 Then everything could be 'fine', and the system not compromised, only
 exploited to run some ssh-tunnel or so.
 Though this behaviour of the system would be unexpected by myself.
 
 Uwe
 
 

Have you considered adding a PF rule that would drop all incoming
login requests from this specific user?


--
-wittig http://www.robertwittig.com/
http://robertwittig.net/
http://robertwittig.org/




printer problem

2009-08-21 Thread igor denisov

Hi there,

I have a problem with Samsung ML-2015

/etc/printcap

lp|local printer|ML2015:\
:lp=/dev/lpt0:\
:sd=/var/spool/output:\
:lf=/var/log/lpd-errs:

rc.conf

lpd_flags=

ps ax | grep lpd
114 ?? Is 0:00.00 lpd
25472 S+ 0:00.00 grep lpd

Run

#lptest 70 5 | lpr -PML2015

LCD blinks, printer sounds promising, but no output at all.

Regards,
Igor.

--
igor denisov.




Re: strange (?) ssh user

2009-08-21 Thread Uwe Dippel

Robert C Wittig wrote:

> Have you considered adding a PF rule that would drop all incoming
> login requests from this specific user?

Yes. But it won't work, because there is a NAT-address-rewrite in
between that changes the source address. Also, that user has plenty of
machines to log on to.
It seems by now that it is not a compromise, but something else, rather
'abuse'.


Uwe



Plans for an online meeting regarding Radiotap

2009-08-21 Thread Gábor Stefanik

Radiotap is a de-facto standard for 802.11 frame injection and reception.
Up to field ID 13, it can truly be considered a standard (all current
implementations agree on fields 1-13), but after that, implementations
diverge widely.

Here is a map of how current implementations define field IDs 14 and up:

Linux (both mac80211 & madwifi, not sure about libertas) & NetBSD:
Field 14: RX flags (standardized field)
Field 15: TX flags
Field 16: RTS retries
Field 17: Data retries

FreeBSD:
Fields 14...17 skipped (including standardized field 14), field 18:
Extended channel

OpenBSD:
Field 14: FCS of the frame (clashes with standard - field 14 is defined
as RX flags!)
Field 15: Hardware queue
Field 16: RSSI

DragonFly BSD: No fields above 13 implemented.

Aircrack-ng:
Field 14: RX flags (as in the standard)
Field 15: TX flags

CACE AirPcap software:
Field 14: FCS of the frame (clashes with standard; the FCS is also appended
to the end of the packet, so this usage is unneeded)

Wireshark:
Field 14: RX flags, with option to decode FCS instead
Fields 15...17 skipped
Field 18: Extended channel

Radiotap fields 14 and up need to be sorted out to allow further
advancements of the standard. In the current state, essentially no fields
can be added without risking a collision between implementations. To remedy
this, I would like to propose an online mini-summit to be held on Freenode,
with the goal of defining a standard way to use fields 14 and up.
The summit is to be held in IRC channel #radiotap, where interested parties
can join the discussion and propose changes. My preferred time for this
event is August 25, 2009, 18:00 GMT; please let me know if this date is
unsuitable for any of you, and I will try to find a better time for the
summit when everyone interested can attend.

My current proposal for the future standard field ordering beyond field 14:

Field 14: RX flags (as defined by the standard)
Field 15: TX flags (as used by Linux, NetBSD and aircrack-ng)
Field 16: RTS retry count (as used by Linux and NetBSD)
Field 17: Data retry count (as used by Linux and NetBSD)
Field 18: Extended channel (as used by FreeBSD and Wireshark)
Field 19: RSSI (OpenBSD's field 16 moved to field ID 19 to avoid collisions)

In addition, the following new fields may be worth addition to the standard:
RTS threshold, Fragmentation threshold, Extended rate (with MCS index
support).
I'm deliberately not assigning field numbers to these proposed fields yet to
prevent early, divergent implementations of them; the field IDs for these
should be decided during the summit.

I'm for dropping the following fields, please let me know during the summit
if there are any use cases for them:
-FCS of the frame (if we have FCS data, then it should be appended to the
end of the frame, not put into the header)
-Hardware queue (I don't see the point of this... maybe a full QoS control
field would be needed instead)

Hope to see you on Freenode at the set date. Again, if the time is a
problem, respond, and I will try to find a better time.

Sincerely,
Gábor Stefanik netrolller...@gmail.com



Re: strange (?) ssh user

2009-08-21 Thread Uwe Dippel

Paul de Weerd wrote:

> You could check for the presence of forwarded TCP sessions with fstat,
> an example looks like this :
>
> weerd    sshd   29016   11* internet stream tcp 0x40009ab33d0 127.0.0.1:44410 -- 127.0.0.1:3128
>
> If you open an ssh session to a remote machine with a forwarded port,
> then open the forwarded port and once the connection over the
> forwarded port has been established ^D the initial session, you'll get
> the behaviour you just described. The established TCP session over the
> forwarded connection keeps the SSH session alive but the user is shown
> as logged out (and no processes show other than the sshd's you
> mentioned).

Now I am pretty sure that this is what we see here.
It also makes sense, since all those users sit on a tightly controlled
LAN; while that machine is 'further out'. So that restricted services
can be accessed through some tunneling.
Now: How to prevent it?? I have hundreds of users, who can log on from
hundreds of machines, and all need access to ssh, and easily 30 at the
same time.

So, filtering IP addresses is out, nologin is out, no ssh is out.
Of course, I can politely ask, but I would not necessarily trust it to
be followed. I'd much rather disallow it technically. At least, have an
easy access to the record (e.g. in 'last'). But since it doesn't require
logon, what to do? And how to prevent this??


Any suggestion appreciated,

Uwe



Re: Plans for an online meeting regarding Radiotap

2009-08-21 Thread Gábor Stefanik
2009/8/21 Johannes Berg johan...@sipsolutions.net:
 On Fri, 2009-08-21 at 16:31 +0200, Gabor Stefanik wrote:

 Hope to see you on Freenode at the set date. Again, if the time is a
 problem, respond, and I will try to find a better time.

 I don't think there's any need to have an IRC meeting. We've hashed out
 the way forward multiple times on the radiotap list. What is missing now
 isn't a consensus of how do things, but proposals and implementations.

My intention with the meeting is to form an actual proposal that all
implementors can agree on. We can produce proposals, and even new
standardized fields to no avail, as some implementors (especially
OpenBSD) appear to be stuck with implementations that collide with the
standard. These implementors need to be awakened and entered into
the discussions before anything can be done.


 Your own proposal had technical flaws (and in my opinion tried to do too
 much at a time) that you haven't addressed -- doing that would be much
 more productive than any such meeting.

What technical flaws are you trying to point out exactly? (The TX
flags field? My point is that it's worthless to standardize TX flags
by extending it and moving to Defined fields if noone is willing to
implement it.)


 johannes




--
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)



Re: strange (?) ssh user

2009-08-21 Thread Cian Brennan
On Fri, Aug 21, 2009 at 10:34:05PM +0800, Uwe Dippel wrote:
 Paul de Weerd wrote:

 You could check for the presence of forwarded TCP sessions with fstat,
 an example looks like this :

 weerd    sshd   29016   11* internet stream tcp 0x40009ab33d0 127.0.0.1:44410 -- 127.0.0.1:3128

 If you open an ssh session to a remote machine with a forwarded port,
 then open the forwarded port and once the connection over the
 forwarded port has been established ^D the initial session, you'll get
 the behaviour you just described. The established TCP session over the
 forwarded connection keeps the SSH session alive but the user is shown
 as logged out (and no processes show other than the sshd's you
 mentioned).
   

 Now I am pretty sure that this is what we see here.
 It also makes sense, since all those users sit on a tightly controlled  
 LAN; while that machine is 'further out'. So that restricted services  
 can be accessed through some tunneling.
 Now: How to prevent it?? I have hundreds of users, who can log on from  
 hundreds of machines, and all need access to ssh, and easily 30 at the  
 same time.
 So, filtering IP addresses is out, nologin is out, no ssh is out.
 Of course, I can politely ask, but I would not necessarily trust it to  
 be followed. I'd much rather disallow it technically. At least, have an  
 easy access to the record (e.g. in 'last'). But since it doesn't require  
 logon, what to do? And how to prevent this??

 Any suggestion appreciated,

Turn off ssh forwarding? set AllowTcpForwarding to no, in your sshd_config.

Of course, with a bit of effort and some netcat, the user will probably still
be able to turn a normal connection into forwarding, but this should at least
make it more difficult.

 Uwe





Re: strange (?) ssh user

2009-08-21 Thread Johan Beisser
On Fri, Aug 21, 2009 at 7:34 AM, Uwe Dippel udip...@uniten.edu.my wrote:

 Now I am pretty sure that this is what we see here.
 It also makes sense, since all those users sit on a tightly controlled LAN;
 while that machine is 'further out'. So that restricted services can be
 accessed through some tunneling.
 Now: How to prevent it?? I have hundreds of users, who can log on from
 hundreds of machines, and all need access to ssh, and easily 30 at the same
 time.
 So, filtering IP addresses is out, nologin is out, no ssh is out.
 Of course, I can politely ask, but I would not necessarily trust it to be
 followed. I'd much rather disallow it technically. At least, have an easy
 access to the record (e.g. in 'last'). But since it doesn't require logon,
 what to do? And how to prevent this??

Read the man page for ssh_config(5) and sshd_config(5), and look at
restricting what your users can do.

Specifically: AllowTcpForwarding, PermitOpen and PermitTunnel,
combined with Match.
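
How the keywords named above fit together in sshd_config(5), as an added example rather than a configuration posted by anyone in this thread. The group name `fwdusers` and the destination `proxy.example.org:3128` are hypothetical placeholders.

```conf
# /etc/ssh/sshd_config (fragment)

# Shipped default, which permits the tunnels seen in this thread:
#AllowTcpForwarding yes

# Deny TCP forwarding and tun(4) tunnelling for everyone by default.
AllowTcpForwarding no
PermitTunnel no

# Hypothetical exception: members of the group "fwdusers" may forward,
# but only to the single destination listed (constructed host and port).
Match Group fwdusers
    AllowTcpForwarding yes
    PermitOpen proxy.example.org:3128
```

`sshd -t` checks the file for syntax errors before the master sshd(8) is restarted.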



Re: Use memory as disk

2009-08-21 Thread Chris Kuethe
On Fri, Aug 21, 2009 at 6:41 AM, Edd Barrettvex...@gmail.com wrote:
 Hi,

 On Fri, Aug 21, 2009 at 1:03 PM, obvvbooo
 obvvbbvvb...@googlemail.com wrote:
 Hi,

 Is there a way to use memory as a disk/partition? Such as mount it to
 /mnt/mem or such things. I can't find information of this in the man pages
 and after googled, I found rd for OpenBSD, which seems similar with md
 in FreeBSD. But still not useful. Anybody help?

 man rd?

man mfs

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?



Re: strange (?) ssh user

2009-08-21 Thread Paul de Weerd
On Fri, Aug 21, 2009 at 10:34:05PM +0800, Uwe Dippel wrote:
 Now I am pretty sure that this is what we see here.
 It also makes sense, since all those users sit on a tightly controlled  
 LAN; while that machine is 'further out'. So that restricted services  
 can be accessed through some tunneling.
 Now: How to prevent it?? I have hundreds of users, who can log on from  
 hundreds of machines, and all need access to ssh, and easily 30 at the  
 same time.
 So, filtering IP addresses is out, nologin is out, no ssh is out.
 Of course, I can politely ask, but I would not necessarily trust it to  
 be followed. I'd much rather disallow it technically. At least, have an  
 easy access to the record (e.g. in 'last'). But since it doesn't require  
 logon, what to do? And how to prevent this??

 Any suggestion appreciated,

After you've confirmed that they do this for TCP forwarding use, and
you're convinced that this is what you want to prevent, simply edit
sshd_config(5), set AllowTcpForwarding to No and restart the master
sshd(8).

Cheers,

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 



Re: strange (?) ssh user

2009-08-21 Thread Stuart Henderson
On 2009-08-21, Cian Brennan cian.bren...@redbrick.dcu.ie wrote:
 Turn off ssh forwarding? set AllowTcpForwarding to no, in your sshd_config.

you can do this in a Match section too if you need to allow it for
some users.

 Of course, with a bit of effort and some netcat, the user will probably still
 be able to turn a normal connection into forwarding, but this should at least
 make it more difficult.

PF lets you block/pass local connections by userid. It also lets
you write UID/PID to the logs if you want a record.



Re: Plans for an online meeting regarding Radiotap

2009-08-21 Thread Gábor Stefanik
2009/8/21 Johannes Berg johan...@sipsolutions.net:
 On Fri, 2009-08-21 at 16:41 +0200, Gabor Stefanik wrote:

 My intention with the meeting is to form an actual proposal that all
 implementors can agree on. We can produce proposals, and even new
 standardized fields to no avail, as some implementors (especially
 OpenBSD) appear to be stuck with implementations that collide with the
 standard. These implementors need to be awakened and entered into
 the discussions before anything can be done.

 There's nothing the standard can do about that. Like I said, we've
 talked about that enough in my opinion.

  Your own proposal had technical flaws (and in my opinion tried to do too
  much at a time) that you haven't addressed -- doing that would be much
  more productive than any such meeting.

 What technical flaws are you trying to point out exactly? (The TX
 flags field? My point is that it's worthless to standardize TX flags
 by extending it and moving to Defined fields if noone is willing to
 implement it.)

 But people are already implementing it, and if they do something else
 that's their problem. The flaw I'm thinking of was over the RTS/CTS
 handling where some people (including myself) had comments.

I've reworked RTS/CTS since then, just haven't got to sending a new
proposal yet. The current plan is as follows:

TX_FLAGS & 0x0002: Use CTS
TX_FLAGS & 0x0004: Use RTS
TX_FLAGS & 0x0020: Disable RTS/CTS usage

Or, in more C++-like notation:
switch (TX_FLAGS & 0x0026) {
    case 0x0002:
        Use CTS;
        break;
    case 0x0004:
    case 0x0006:
        Use RTS;
        break;
    case 0x0020:
        Disable RTS/CTS usage;
        break;
    default:
        fall back to automatic selection
}

 Besides,
 you're supposed to make at least two implementations when proposing a
 standard field.

If I remember correctly, I made an implementation for the Linux kernel
(a generator-side implementation) and one for Wireshark (a parser-side
implementation). Or should I make two generator-side implementations
according to the requirement (e.g. one for Linux, another for
OpenBSD)?


 johannes




--
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)



Re: printer problem

2009-08-21 Thread Luis Useche
Don't you need a filter for your printer?

In my case, my /etc/printcap looks something like:

lp|home:\
:lp=/dev/ulpt0:\
:af=/etc/foomatic/HP-DeskJet_F4100-hpijs.ppd:\
:if=/usr/local/bin/foomatic-rip:\
:sd=/var/spool/output:\
:lf=/var/log/lpd-errs:

With the foomatic-rip filter.

Luis


2009/8/21 igor denisov denisovigor1...@rambler.ru:
 Hi there,

 I have a problem with Samsung ML-2015

 /etc/printcap

 lp|local printer|ML2015:\
:lp=/dev/lpt0:\
:sd=/var/spool/output:\
:lf=/var/log/lpd-errs:

 rc.conf

 lpd_flags=

 ps ax | grep lpd
 114 ?? Is 0:00.00 lpd
 25472 S+ 0:00.00 grep lpd

 Run

 #lptest 70 5 | lpr -PML2015

 LCD blinks, printer sounds promising, but no output at all.

 Regards,
 Igor.

 --
 igor denisov.




Re: Plans for an online meeting regarding Radiotap

2009-08-21 Thread Johannes Berg
On Fri, 2009-08-21 at 16:31 +0200, Gábor Stefanik wrote:

 Hope to see you on Freenode at the set date. Again, if the time is a
 problem, respond, and I will try to find a better time.

I don't think there's any need to have an IRC meeting. We've hashed out
the way forward multiple times on the radiotap list. What is missing now
isn't a consensus of how do things, but proposals and implementations.

Your own proposal had technical flaws (and in my opinion tried to do too
much at a time) that you haven't addressed -- doing that would be much
more productive than any such meeting.

johannes




Re: Plans for an online meeting regarding Radiotap

2009-08-21 Thread Johannes Berg
On Fri, 2009-08-21 at 16:41 +0200, Gábor Stefanik wrote:

 My intention with the meeting is to form an actual proposal that all
 implementors can agree on. We can produce proposals, and even new
 standardized fields to no avail, as some implementors (especially
 OpenBSD) appear to be stuck with implementations that collide with the
 standard. These implementors need to be awakened and entered into
 the discussions before anything can be done.

There's nothing the standard can do about that. Like I said, we've
talked about that enough in my opinion.

  Your own proposal had technical flaws (and in my opinion tried to do too
  much at a time) that you haven't addressed -- doing that would be much
  more productive than any such meeting.

 What technical flaws are you trying to point out exactly? (The TX
 flags field? My point is that it's worthless to standardize TX flags
 by extending it and moving to Defined fields if noone is willing to
 implement it.)

But people are already implementing it, and if they do something else
that's their problem. The flaw I'm thinking of was over the RTS/CTS
handling where some people (including myself) had comments. Besides,
you're supposed to make at least two implementations when proposing a
standard field.

johannes





Re: strange (?) ssh user

2009-08-21 Thread Lars Nooden
Stuart Henderson wrote:
 On 2009-08-21, Cian Brennan cian.bren...@redbrick.dcu.ie wrote:
 Turn off ssh forwarding? set AllowTcpForwarding to no, in your sshd_config.
 
 you can do this in a Match section too if you need to allow it for
 some users.
 
 Of course, with a bit of effort and some netcat, the user will probably still
 be able to turn a normal connection into forwarding, but this should at least
 make it more difficult.
 
 PF lets you block/pass local connections by userid. It also lets
 you write UID/PID to the logs if you want a record.

I see that both PF and SSHd allow for group level controls.  Cool!
That allows changes to apply to classes of users, perhaps making it
easier to sort, manage, or scale:

Match Group in sshd_config(5)

and group group from pf.conf(5)

However, it may be helpful to find out what kind of problem the user is
trying to solve by forwarding.

Regards,
-Lars



Re: Plans for an online meeting regarding Radiotap

2009-08-21 Thread Johannes Berg
On Fri, 2009-08-21 at 17:04 +0200, Gábor Stefanik wrote:

 I've reworked RTS/CTS since then, just haven't got to sending a new
 proposal yet. The current plan is as follows:

 TX_FLAGS & 0x0002: Use CTS
 TX_FLAGS & 0x0004: Use RTS
 TX_FLAGS & 0x0020: Disable RTS/CTS usage

Seems a bit strange, wouldn't setting neither RTS nor CTS have the
effect? Seems like 0x20 should rather be use automatic and ignore the
other bits. Anyway, not appropriate here, you should just bring a new
proposal.

 If I remember correctly, I made an implementation for the Linux kernel
 (a generator-side implementation) and one for Wireshark (a parser-side
 implementation). Or should I make two generator-side implementations
 according to the requirement (e.g. one for Linux, another for
 OpenBSD)?

No, that was ok, I just meant that therefore by definition it can't be a
problem of lack of implementations.

johannes




Upgrading Amanda breaks it

2009-08-21 Thread stan
I am in the process of upgrading various older OpenBSD machines to 4.5. As
a part of this I am upgrading the Amanda clients on them. 

I have discovered that (at least on 4.5) somewhere between Amanda version
2.50.p1 and 2.5.2p1, they changed something that is causing it to fail on
OpenBSD 4.5. Here is the error message that I am getting:

192.168.1.2:wd0f 0  dumper: [could not connect DATA stream: can't connect
stream to 192.168.1.2 port 24376: Connection refused] (13:48:23)

This is on a network that consists of only a crossover cable to eliminate
firewall issues. 

Amanda runs a daemon on the client that runs as user amanda. This daemon
and the master Amanda machine set up various streams of communication that
pass data and control signals back and forth.

Is there some reason that the daemon could not open a socket in this port
range?


-- 
One of the main causes of the fall of the roman empire was that, lacking
zero, they had no way to indicate successful termination of their C
programs.



Re: printer problem

2009-08-21 Thread Predrag Punosevac
2009/8/21 igor denisov denisovigor1...@rambler.ru:
 Hi there,

 I have a problem with Samsung ML-2015

 /etc/printcap

 lp|local printer|ML2015:\
:lp=/dev/lpt0:\
:sd=/var/spool/output:\
:lf=/var/log/lpd-errs:

 rc.conf

 lpd_flags=

 ps ax | grep lpd
 114 ?? Is 0:00.00 lpd
 25472 S+ 0:00.00 grep lpd

 Run

 #lptest 70 5 | lpr -PML2015

 LCD blinks, printer sounds promising, and no output at all.

 Regards,
 Igor.

 --
 igor denisov.


I could not find that particular model in Open Printing database but
most of those cheap Samsung printers require Splix 2.0 driver since
they speak Samsung proprietary language. Splix 2.0 is ported to OpenBSD.
Are you sure that your printer speaks PostScript? Your printcap looks
OK for a PostScript printer.

Cheers,
Predrag



Re: printer problem

2009-08-21 Thread Predrag Punosevac
igor denisov denisovigor1...@rambler.ru wrote:

 * Predrag Punosevac punoseva...@gmail.com [Fri, 21 Aug 2009 14:02:44 
 -0400]:
  2009/8/21 igor denisov denisovigor1...@rambler.ru:
   Hi there,
  
   I have a problem with Samsung ML-2015
  
   /etc/printcap
  
   lp|local printer|ML2015:\
  :lp=/dev/lpt0:\
  :sd=/var/spool/output:\
  :lf=/var/log/lpd-errs:
  
   rc.conf
  
   lpd_flags=
  
   ps ax | grep lpd
   114 ?? Is 0:00.00 lpd
   25472 S+ 0:00.00 grep lpd
  
   Run
  
   #lptest 70 5 | lpr -PML2015
  
   LCD blinks, printer sounds promising, and no output at all.
  
   Regards,
   Igor.
  
   --
   igor denisov.
  
 
  I could not find that particular model in Open Printing database but
  most of those cheap Samsung printers require Splix 2.0 driver since
  they speak Samsung proprietary language. Splix 2.0 is ported to OpenBSD.
  Are you sure that your printer speaks PostScript? Your printcap looks
  OK for a PostScript printer.
 
  Cheers,
  Predrag

 Well, when I issue
 #gs -h

 Available 
 devices:,samsunggdi,..

 sumsunggdi supports ML2010 so looks like should run.

 Regards,
 Igor.


 --
 igor denisov.


You are contradicting yourself. You showed us a printcap file for a
PostScript-capable printer. Now you are telling me that there is
a GhostScript driver for it. Then your printcap is not correct, as
you need an input filter. You have a choice of using foomatic-rip or
writing a small filter yourself.
It should look something like

more /usr/local/libexec/lpfilter-ps
#!/bin/sh
# Treat LF as CR+LF
printf "\033&k2G" || exit 2
# Print the postscript file
/usr/local/bin/gs -dSAFER -dBATCH -dQUIET -dNOPAUSE -q -sDEVICE=ljet4 \
-sOutputFile=- -sPAPERSIZE=a4 - && exit 0
exit 2

Replace ljet4 with the name of the driver which you believe supports
your printer.

Printcap should look like

lp|local|HP:\
:lp=/dev/lpt0:\
:sd=/var/spool/output:\
:lf=/var/log/lpd-errs:\
:sh:mx#0:if=/usr/local/libexec/lpfilter-ps:

You just need to edit the device node /dev/lpt0 option (maybe).

Cheers,
Predrag

P.S. I would check the OpenPrinting database before I really believe that
a Samsung printer can be driven by GhostScript. I am not saying it is not
possible. I am just saying that in my experience those cheap ones tend
to require Splix.



two cards on the same network

2009-08-21 Thread cesar castro
I need two cards to communicate on the same network range.
E.g.
rl0 10.0.0.10
rl1 10.0.0.11

Thanks



Re: two cards on the same network

2009-08-21 Thread Christiano Farina Haesbaert
2009/8/21 cesar castro cesaralv...@gmail.com:
 I need two cards to communicate on the same network range.
 E.g.
 rl0 10.0.0.10
 rl1 10.0.0.11

 Thanks



This is an English list in case you have not noticed, try looking for
a Brazilian list.



FW: Re: Backup issues with OpenBSD 4.5 machines

2009-08-21 Thread stan
Anyone see why this would not work? I have not tried it on earlier versions
of OpenBSD, but it appears to be failing on 4.5 with a timeout.

This is being called by a process running as a fairly restricted user. Is
there something I need to do to that user to allow it to accomplish this?
Group memberships or something?

- Forwarded message from John Hein jh...@timing.com -

From: John Hein jh...@timing.com
To: stan st...@panix.com
Cc: amanda users list amanda-us...@amanda.org
Subject: Re: Backup issues with OpenBSD 4.5 machines
Date: Fri, 21 Aug 2009 09:57:36 -0600
X-Mailer: VM 8.0.12 under 22.3.1 (i386-portbld-freebsd7.1)

stan wrote at 10:56 -0400 on Aug 21, 2009:
  OK here is the latest on this saga :-)
  
  On one of the OpenBSD 4.5 machines I have built 2.5.0p1, and was able to
  back this machine up successfully (using classic UDP based authentication)
  
  On another of them, I built 2.5.2p1. The first attempt to back this machine
  up failed. I checked the log files, and found they were having issues
  because /etc/amdates was missing. I corrected that, and started a 2nd
  backup run. (Remember amcheck reports all is well with this machine). I 
  got the following from amstatus when I attempted to back up this machine.
  Also remember, one of the test I ran with a 2.6.1 client was to connect a
  test machine directly to the client, using a crossover cable to eliminate
  any firewall, or router type issues.
  
  I am attaching, what I think is, the amadnad debug file associated with this
  failure.
  
  Can anyone suggest what I can do to further troubleshoot this?
  
  pb48:wd0f 1  dumper: [could not connect DATA stream:
  can't connect stream to pb48.meadwestvaco.com port 11996: Connection
  refused] (10:37:27)
  
   .
   .
   .
  amandad: time 30.019: stream_accept: timeout after 30 seconds
  amandad: time 30.019: security_stream_seterr(0x86b67000, can't accept new 
  stream connection: No such file or directory)
  amandad: time 30.019: stream 0 accept failed: unknown protocol error
  amandad: time 30.019: security_stream_close(0x86b67000)
  amandad: time 60.027: stream_accept: timeout after 30 seconds
  amandad: time 60.027: security_stream_seterr(0x81212000, can't accept new 
  stream connection: No such file or directory)
  amandad: time 60.027: stream 1 accept failed: unknown protocol error
  amandad: time 60.027: security_stream_close(0x81212000)
  amandad: time 90.035: stream_accept: timeout after 30 seconds
  amandad: time 90.036: security_stream_seterr(0x84877000, can't accept new 
  stream connection: No such file or directory)
  amandad: time 90.036: stream 2 accept failed: unknown protocol error
  amandad: time 90.036: security_stream_close(0x84877000)
  amandad: time 90.036: security_close(handle=0x81bbf800, driver=0x298a9240 
  (BSD))
  amandad: time 120.044: pid 17702 finish time Fri Aug 21 10:39:27 2009

For some reason the socket is not getting marked ready for read.
select(2) is timing out waiting.  Firewall setup perhaps?

This bit of code in 2.5.2p1's common-src/stream.c is where
the failure is happening for you...

int
stream_accept(
    int server_socket,
    int timeout,
    size_t sendsize,
    size_t recvsize)
{
    SELECT_ARG_TYPE readset;
    struct timeval tv;
    int nfound, connected_socket;
    int save_errno;
    int ntries = 0;
    in_port_t port;

    assert(server_socket >= 0);

    do {
        ntries++;
        memset(&tv, 0, SIZEOF(tv));
        tv.tv_sec = timeout;
        memset(&readset, 0, SIZEOF(readset));
        FD_ZERO(&readset);
        FD_SET(server_socket, &readset);
        nfound = select(server_socket+1, &readset, NULL, NULL, &tv);
        if(nfound <= 0 || !FD_ISSET(server_socket, &readset)) {
            save_errno = errno;
            if(nfound < 0) {
                dbprintf(("%s: stream_accept: select() failed: %s\n",
                      debug_prefix_time(NULL),
                      strerror(save_errno)));
            } else if(nfound == 0) {
                dbprintf(("%s: stream_accept: timeout after %d second%s\n",
                      debug_prefix_time(NULL),
                      timeout,
                      (timeout == 1) ? "" : "s"));
                errno = ENOENT; /* ??? */
                return -1;

- End forwarded message -

-- 
One of the main causes of the fall of the roman empire was that, lacking
zero, they had no way to indicate successful termination of their C
programs.



Re: Use memory as disk

2009-08-21 Thread Iñigo Ortiz de Urbina
On Fri, Aug 21, 2009 at 2:03 PM, obvvbooo obvvbooo
obvvb...@googlemail.com wrote:

 Hi,

 Is there a way to use memory as a disk/partition? Such as mount it to
 /mnt/mem or such things. I can't find information of this in the man pages
 and after googled,


Haven't tried this before but you should be able to create your own ramdisks
with rdconfig(8).


 I found rd for OpenBSD, which seems similar with md
 in FreeBSD. But still not useful. Anybody help?

 Thanks


Just wondering, how come it is not useful? Is it because your fresh ramdisk
is not immediately usable right after creating it?



Re: Upgrading Amanda breaks it

2009-08-21 Thread Chris Cappuccio
amanda is so last-century

what about rsnapshot or boxbackup ?

stan [st...@panix.com] wrote:
 I am in the process of upgrading various older OpenBSD machines to 4.5. As
 a part of this I am upgrading the Amanda clients on them. 
 
 I have discovered that (at least on 4.5) somewhere between Amanda version
 2.50.p1 and 2.5.2p1, they changed something that is causing it to fail on
 OpenBSD 4.5. Here is the error message that I am getting:
 
 192.168.1.2:wd0f 0  dumper: [could not connect DATA stream: can't connect
 stream to 192.168.1.2 port 24376: Connection refused] (13:48:23)
 
 This is on a network that consists of only a crossover cable to eliminate
 firewall issues. 
 
 Amanda runs a daemon on the client that runs as user amanda. This daemon
 and the master Amanda machine set up various streams of communication that
 pass data and control signals back and forth.
 
 Is there some reason that the daemon could not open a socket in this port
 range?
 
 
 -- 
 One of the main causes of the fall of the roman empire was that, lacking
 zero, they had no way to indicate successful termination of their C
 programs.

-- 
Trying to bring taste and skill into a branch of artistic endeavor which had 
sunk to the lowest possible depths.



Re: Plans for an online meeting regarding Radiotap

2009-08-21 Thread Gábor Stefanik
2009/8/21 Johannes Berg johan...@sipsolutions.net:
 On Fri, 2009-08-21 at 17:04 +0200, Gabor Stefanik wrote:

 I've reworked RTS/CTS since then, just haven't got to sending a new
 proposal yet. The current plan is as follows:

 TX_FLAGS & 0x0002: Use CTS
 TX_FLAGS & 0x0004: Use RTS
 TX_FLAGS & 0x0020: Disable RTS/CTS usage

 Seems a bit strange, wouldn't setting neither RTS nor CTS have the
 effect? Seems like 0x20 should rather be use automatic and ignore the
 other bits. Anyway, not appropriate here, you should just bring a new
 proposal.

The point is that if all bits are 0, auto-setup is used. The problem
with my original proposal (using two bits) was that an all-zero value
had different effect than not including the TX flags field (and simply
swapping none and auto would result in an illogicality where what
would logically be use both would become use neither - just the
opposite of its logical meaning). Making 0x20 mean Auto-select
RTS/CTS, interpreting all-zeros as Use neither, would have the same
problem as my proposal - all-zeros is different from a missing field.
(An empty, zeroed field 15 should have no effect on the process,
behaving as if field 15 was not present in the header.)


 If I remember correctly, I made an implementation for the Linux kernel
 (a generator-side implementation) and one for Wireshark (a parser-side
 implementation). Or should I make two generator-side implementations
 according to the requirement (e.g. one for Linux, another for
 OpenBSD)?

 No, that was ok, I just meant that therefore by definition it can't be a
 problem of lack of implementations.

 johannes




--
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)



Re: Plans for an online meeting regarding Radiotap

2009-08-21 Thread Alexander Hall
This is not about OpenBSD. Stop this insane cross-posting.

Gabor Stefanik wrote:
 2009/8/21 Johannes Berg johan...@sipsolutions.net:
 On Fri, 2009-08-21 at 17:04 +0200, Gabor Stefanik wrote:

 I've reworked RTS/CTS since then, just haven't got to sending a new
 proposal yet. The current plan is as follows:

 TX_FLAGS & 0x0002: Use CTS
 TX_FLAGS & 0x0004: Use RTS
 TX_FLAGS & 0x0020: Disable RTS/CTS usage
 Seems a bit strange, wouldn't setting neither RTS nor CTS have the
 effect? Seems like 0x20 should rather be use automatic and ignore the
 other bits. Anyway, not appropriate here, you should just bring a new
 proposal.
 
 The point is that if all bits are 0, auto-setup is used. The problem
 with my original proposal (using two bits) was that an all-zero value
 had different effect than not including the TX flags field (and simply
 swapping none and auto would result in an illogicality where what
 would logically be use both would become use neither - just the
 opposite of its logical meaning). Making 0x20 mean Auto-select
 RTS/CTS, interpreting all-zeros as Use neither, would have the same
 problem as my proposal - all-zeros is different from a missing field.
 (An empty, zeroed field 15 should have no effect on the process,
 behaving as if field 15 was not present in the header.)
 
 If I remember correctly, I made an implementation for the Linux kernel
 (a generator-side implementation) and one for Wireshark (a parser-side
 implementation). Or should I make two generator-side implementations
 according to the requirement (e.g. one for Linux, another for
 OpenBSD)?
 No, that was ok, I just meant that therefore by definition it can't be a
 problem of lack of implementations.

 johannes

 
 
 
 --
 Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)



Re: strange (?) ssh user

2009-08-21 Thread Eric Furman
On Fri, 21 Aug 2009 16:55 +0200, Paul de Weerd we...@weirdnet.nl
wrote:
 On Fri, Aug 21, 2009 at 10:34:05PM +0800, Uwe Dippel wrote:
  Now I am pretty sure that this is what we see here.
  It also makes sense, since all those users sit on a tightly controlled  
  LAN; while that machine is 'further out'. So that restricted services  
  can be accessed through some tunneling.
  Now: How to prevent it?? I have hundreds of users, who can log on from  
  hundreds of machines, and all need access to ssh, and easily 30 at the  
  same time.
  So, filtering IP addresses is out, nologin is out, no ssh is out.
  Of course, I can politely ask, but I would not necessarily trust it to  
  be followed. I'd much rather disallow it technically. At least, have an  
  easy access to the record (e.g. in 'last'). But since it doesn't require  
  logon, what to do? And how to prevent this??
 
  Any suggestion appreciated,
 
 After you've confirmed that they do this for TCP forwarding use, and
 you're convinced that this is what you want to prevent, simply edit
 sshd_config(5), set AllowTcpForwarding to No and restart the master
 sshd(8).

You can also approach management to create a business policy to
prevent this. Make this policy well known and then fire anyone
that breaks it. This will discourage anyone from coming up with
some 'creative' way in the future of circumventing your technical
solution. This would be the standard business model, ymmv. :)



Re: strange (?) ssh user

2009-08-21 Thread Uwe Dippel

Johan Beisser wrote:



Read the man page for ssh_config(5) and sshd_config(5), and look at
restricting what your users can do.

Specifically: AllowTcpForwarding, PermitOpen and PermitTunnel,
combined with Match.
  


Thanks everyone for a great number of enlightening and helpful replies 
to my post!
I have learned a lot. Last not least, and again, how biased I can think:
When I noticed some activities by a user who was not logged on, I feared
a compromise. That led me away from the solution: reading the man pages
of ssh, as I did not expect this to be 'normal' or even legal.


Thanks again!

Uwe
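
The controls named in this thread (AllowTcpForwarding, PermitOpen, PermitTunnel and Match Group in sshd_config(5), plus the group and log (user) options in pf.conf(5)), put together as an added example that is not taken from any poster's configuration. The group names fwdusers and students and the destination 192.0.2.10 / intranet.example.org port 443 are assumptions made for illustration.

```conf
# ---- /etc/ssh/sshd_config (excerpt) ----
# Global default: nobody gets port forwarding or tun(4) tunnels.
AllowTcpForwarding no
PermitTunnel no

# Match blocks go at the end of the file; each one applies until the
# next Match line or the end of the file. "fwdusers" is a hypothetical
# group whose members have a stated need for forwarding.
Match Group fwdusers
    AllowTcpForwarding yes
    # Limit forwards to one destination (hypothetical host and port).
    PermitOpen intranet.example.org:443

# ---- /etc/pf.conf (excerpt) ----
# As noted in the thread, a user with a shell can still relay traffic
# with his own tools, so also filter on the owner of the socket.
# "students" is a hypothetical group. pf compares against the socket's
# effective group ID, and user/group matching only works for TCP and
# UDP sockets that are local to this machine.

# Permit the one allowed service (constructed address) and record the
# uid and pid behind every connection to it.
pass out log (user) quick proto tcp from any to 192.0.2.10 port 443 group students

# Anything else that group opens from this host is dropped and logged.
block out log (user) quick proto { tcp, udp } all group students
```

sshd -t checks the sshd_config syntax and pfctl -nf /etc/pf.conf parses the ruleset without loading it; the master sshd(8) still has to be restarted for the new settings to apply.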



Re: Use memory as disk

2009-08-21 Thread Robert
On Fri, 21 Aug 2009 23:12:18 +0200
Iñigo Ortiz de Urbina tarom...@gmail.com wrote:

 On Fri, Aug 21, 2009 at 2:03 PM, obvvbooo obvvbooo
 obvvb...@googlemail.com wrote:

  Hi,
 
  Is there a way to use memory as a disk/partition? Such as mount it
  to /mnt/mem or such things. I can't find information of this in the
  man pages and after googled,


 Haven't tried this before but you should be able to create your own
 ramdisks with rdconfig(8).


  I found rd for OpenBSD, which seems similar with md
  in FreeBSD. But still not useful. Anybody help?
 
  Thanks
 
 
 Just wondering, how come it is not useful? Is it because your fresh
 ramdisk is not immediately usable right after creating it?

Wasn't this answered by the man page references?

# grep ramdisk /etc/fstab
swap /ramdisk mfs rw,nodev,nosuid,-s=220 0 0

don't want to reboot?
# mount /ramdisk

don't want to have it on every boot? (for that there is no real reason,
because it won't use ram until one puts actual data in there.)
- add the noauto option.

- Robert



Re: Use memory as disk

2009-08-21 Thread obvvbooo obvvbooo
Great, Thanks. This is just what I'm asking for.


Thanks.

2009/8/22 Robert rob...@openbsd.pap.st

 On Fri, 21 Aug 2009 23:12:18 +0200
 Iñigo Ortiz de Urbina tarom...@gmail.com wrote:

  On Fri, Aug 21, 2009 at 2:03 PM, obvvbooo obvvbooo
  obvvb...@googlemail.com wrote:
 
   Hi,
  
   Is there a way to use memory as a disk/partition? Such as mount it
   to /mnt/mem or such things. I can't find information of this in the
   man pages and after googled,
 
 
  Haven't tried this before but you should be able to create your own
  ramdisks with rdconfig(8).
 
 
   I found rd for OpenBSD, which seems similar with md
   in FreeBSD. But still not useful. Anybody help?
  
   Thanks
  
  
  Just wondering, how come it is not useful? Is it because your fresh
  ramdisk is not immediately usable right after creating it?

 Wasn't this answered by the man page references?

 # grep ramdisk /etc/fstab
 swap /ramdisk mfs rw,nodev,nosuid,-s=220 0 0

 don't want to reboot?
 # mount /ramdisk

 don't want to have it on every boot? (for that there is no real reason,
 because it won't use ram until one puts actual data in there.)
 - add the noauto option.

 - Robert



Re: Plans for an online meeting regarding Radiotap

2009-08-21 Thread Dave Young
2009/8/22 Gábor Stefanik netrolller...@gmail.com:
 2009/8/21 Johannes Berg johan...@sipsolutions.net:
 On Fri, 2009-08-21 at 17:04 +0200, Gábor Stefanik wrote:

 I've reworked RTS/CTS since then, just haven't got to sending a new
 proposal yet. The current plan is as follows:

 TX_FLAGS & 0x0002: Use CTS
 TX_FLAGS & 0x0004: Use RTS
 TX_FLAGS & 0x0020: Disable RTS/CTS usage

 Seems a bit strange, wouldn't setting neither RTS nor CTS have the
 effect? Seems like 0x20 should rather be use automatic and ignore the
 other bits. Anyway, not appropriate here, you should just bring a new
 proposal.

 The point is that if all bits are 0, auto-setup is used. The problem
 with my original proposal (using two bits) was that an all-zero value
 had different effect than not including the TX flags field (and simply
 swapping none and auto would result in an illogicality where what
 would logically be use both would become use neither - just the
 opposite of its logical meaning). Making 0x20 mean Auto-select
 RTS/CTS, interpreting all-zeros as Use neither, would have the same
 problem as my proposal - all-zeros is different from a missing field.
 (An empty, zeroed field 15 should have no effect on the process,
 behaving as if field 15 was not present in the header.)


 If I remember correctly, I made an implementation for the Linux kernel
 (a generator-side implementation) and one for Wireshark (a parser-side
 implementation). Or should I make two generator-side implementations
 according to the requirement (e.g. one for Linux, another for
 OpenBSD)?

 No, that was ok, I just meant that therefore by definition it can't be a
 problem of lack of implementations.

 johannes




 --
 Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)



Here also, please fix your cc-list; I'm not the David you want to send
to.

--
Regards
dave