Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-28 Thread Patrick Dohman
At the risk of sounding last decade… Sourcing a scanner that attempts to illustrate the goals of an attacker could make for a worthwhile project. As an aside a postfix version really ought to exist with its myriad of status codes. Regards Patrick > On Sep 28, 2016, at 9:04 PM, Chris Bennett

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-28 Thread Chris Bennett
On Wed, Sep 28, 2016 at 08:54:14PM -0400, trondd wrote: > On Wed, September 28, 2016 1:20 pm, Chris Bennett wrote: > > > > Right now I am using a simple script from the error log to block > > permanently any requests from that IP using OpenBSD pf. > > > > That simply doesn't work well enough

Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Sean Kamath
I’ve been working on transitioning to an all Alix 2d13 environment for my home set up. Using 6.0 base, I had no problems with PXE (DHCP or tftp) on my Alix 2d13 machine. The server in this case is running on a MacBook Pro with VMware Fusion with a (just freshly built) 6.0 (Stable) install.

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-28 Thread trondd
On Wed, September 28, 2016 1:20 pm, Chris Bennett wrote: > > Right now I am using a simple script from the error log to block > permanently any requests from that IP using OpenBSD pf. > > That simply doesn't work well enough anymore due to the time lag between > 20+ requests at once getting to the

Re: login.conf processing by /etc/rc

2016-09-28 Thread Evgeny Grin
On 28.09.2016 21:33, Evgeny Grin wrote: > Hi! > > I configured freshly installed OpenBSD 6.0-release with kern.maxfiles=131072 > in /etc/sysctl.conf > and > :openfiles-max=40960:openfiles-cur=40960: > for daemon in /etc/login.conf > > And each boot I see message > kern.maxfiles: 7030 -> 1 >

login.conf processing by /etc/rc

2016-09-28 Thread Evgeny Grin
Hi! I configured freshly installed OpenBSD 6.0-release with kern.maxfiles=131072 in /etc/sysctl.conf and :openfiles-max=40960:openfiles-cur=40960: for daemon in /etc/login.conf And at each boot I see message: kern.maxfiles: 7030 -> 131072 /etc/rc: ulimit: bad -n limit: Invalid argument I

Re: Opinion about pflog

2016-09-28 Thread Peter N. M. Hansteen
On 09/28/16 22:25, Walter Alejandro Iglesias wrote: > I'm about to run my own web server using OpenBSD. I'm giving my first > steps with pf. I was very enthusiastic till I got to this point: > > https://www.openbsd.org/faq/pf/logging.html > > It says: > > The log file written by pflogd is

Re: Opinion about pflog

2016-09-28 Thread John Jasen
On 09/28/2016 04:25 PM, Walter Alejandro Iglesias wrote: > And this "uncommon" practice among unix system administrators (sarcasm), > needs a "workaround". You end with a file with a curious termination: > > Create the file /var/log/pflog.txt ... You can name it pflog.log versus pflog.txt,

Re: Opinion about pflog

2016-09-28 Thread Frederick W. Soucy
On 09/28/2016 03:25 PM, Walter Alejandro Iglesias wrote: I know complaining is useless. Forgive me this time. I'm about to run my own web server using OpenBSD. I'm giving my first steps with pf. I was very enthusiastic till I got to this point: https://www.openbsd.org/faq/pf/logging.html

Re: Opinion about pflog

2016-09-28 Thread Theo de Raadt
> I know complaining is useless. Forgive me this time. > > I'm about to run my own web server using OpenBSD. I'm giving my first > steps with pf. I was very enthusiastic till I got to this point: > > https://www.openbsd.org/faq/pf/logging.html > > It says: > > The log file written by

Re: Opinion about pflog

2016-09-28 Thread Martin Brandenburg
On Wed, 28 Sep 2016, Walter Alejandro Iglesias wrote: > I know complaining is useless. Forgive me this time. > > I'm about to run my own web server using OpenBSD. I'm giving my first > steps with pf. I was very enthusiastic till I got to this point: > >

Opinion about pflog

2016-09-28 Thread Walter Alejandro Iglesias
I know complaining is useless. Forgive me this time. I'm about to run my own web server using OpenBSD. I'm giving my first steps with pf. I was very enthusiastic till I got to this point: https://www.openbsd.org/faq/pf/logging.html It says: The log file written by pflogd is in binary

Re: What is doas doing??

2016-09-28 Thread Daniel Wilkins
On Wed, Sep 28, 2016 at 02:45:26PM +0200, Murk Fletcher wrote: > Hi, > > Anybody ever been in a similar situation? > > % su > Password: > you are not in group wheel > Sorry > % groups > wheel > % cat /etc/doas.conf > permit nopass keepenv :wheel > > Thanks! > > Murk > You did remember to

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-28 Thread Raul Miller
In my opinion, the appropriate thing to do here is drop the connection (so most clients would time out) for bad requests, along with a short term ip "block" for stuff that becomes real problems. Not a true block, though, but instead a fixed content "your address is being used as a part of a

Re: PPPoE and VDSL2 with a real /29

2016-09-28 Thread tech-lists
Hi, thanks for replying On 28/09/2016 15:20, Stuart Henderson wrote: No baby jumbos with rl(4) so you are stuck with 1492 MTU, so you need PF so you can do "scrub (max-mss 1440)" as described in pppoe(4)'s "MTU/MSS ISSUES" section. I was mistaken. These are re not rl. How does this alter

Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-28 Thread Chris Bennett
I am not sure what is appropriate, given netiquette and practicality for my server. I am sick of thousands of identical requests in my error log, plus I want to be able to look over my logs easily to find any real problems. Below is a copy of the question I sent to modp...@perl.apache.org So far

Re: FDE on BeagleBone Black

2016-09-28 Thread Benjamin Baier
On Wed, 28 Sep 2016 06:48:35 +0200 "L.R. D.S." wrote: > Also, as a side question, I remember some discussion here on misc or tech, > about no > support for binary packages on armv7 port. Is it still right, I'll have to > compile > all by myself? I'm already feeling the

Re: Route add - too many levels of symbolic links

2016-09-28 Thread Jeremy Evans
On Wed, Sep 28, 2016 at 2:09 AM, Bryan Linton wrote: > On 2016-09-27 20:00:04, Dekker wrote: > > I have started encountering a weird problem with my OpenBSD Laptop > > Running 6.0 Current (latest snapshot 25.09.2016) > > I run OpenVPN to connect this

Re: PPPoE and VDSL2 with a real /29

2016-09-28 Thread Stuart Henderson
On 2016-09-28, tech-lists wrote: > Hello misc@ > > Hoping someone can help me please. I have a bit of a chicken and egg > situation with regard to routing real IPs through a PPPoE connection in > that I know some of the terms but my understanding is limited on others. >

Re: What is doas doing??

2016-09-28 Thread Marc Espie
On Wed, Sep 28, 2016 at 02:45:26PM +0200, Murk Fletcher wrote: > Hi, > > Anybody ever been in a similar situation? > > % myscript_start > /etc/rc.d/myscript: need root privileges > % doas myscript_start > doas: myscript_start: command not found > % su > Password: > you are not in group wheel >

PPPoE and VDSL2 with a real /29

2016-09-28 Thread tech-lists
Hello misc@ Hoping someone can help me please. I have a bit of a chicken and egg situation with regard to routing real IPs through a PPPoE connection in that I know some of the terms but my understanding is limited on others. I've read around pppoe on freebsd and openbsd and openbsd seems to

What is doas doing??

2016-09-28 Thread Murk Fletcher
Hi, Anybody ever been in a similar situation? % myscript_start /etc/rc.d/myscript: need root privileges % doas myscript_start doas: myscript_start: command not found % su Password: you are not in group wheel Sorry % groups wheel % cat /etc/doas.conf permit nopass keepenv :wheel Thanks! Murk

Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Peer Janssen
On 28.09.2016 at 13:27, Solène Rapenne wrote: > On 2016-09-28 12:45, Peer Janssen wrote: >> TFTP pxeboot requests: >> >> 12:15:45.064076 192.168.0.81.2070 > alix.fritz.box.tftp: 24 RRQ >> "pxeboot" >> : 4500 0034 0002 1411 24ea c0a8 0051 E..4..$Q >> 0010: c0a8 002c 0816

Re: traceroute and pf

2016-09-28 Thread Gregory Edigarov
because it drops privs once initialization done. On 28.09.16 14:24, johnw wrote: On 09/28/2016 07:05 PM, Janne Johansson wrote: Apart from PF failing the syntax, what would one expect to achieve with =0 ? That would always cover all users, since it's never a negative number.

Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Solène Rapenne
On 2016-09-28 12:45, Peer Janssen wrote: TFTP pxeboot requests: 12:15:45.064076 192.168.0.81.2070 > alix.fritz.box.tftp: 24 RRQ "pxeboot" : 4500 0034 0002 1411 24ea c0a8 0051 E..4..$Q 0010: c0a8 002c 0816 0045 0020 f181 0001 7078 ...,...E. px 0020: 6562 6f6f

Re: traceroute and pf

2016-09-28 Thread johnw
On 09/28/2016 07:05 PM, Janne Johansson wrote: > Apart from PF failing the syntax, what would one expect to achieve with > >=0 ? > > That would always cover all users, since it's never a negative number. > /usr/include/sys/types.h:typedef__uid_t uid_t; > /* user id */ >

Re: traceroute and pf

2016-09-28 Thread Janne Johansson
Apart from PF failing the syntax, what would one expect to achieve with >=0 ? That would always cover all users, since it's never a negative number. /usr/include/sys/types.h:typedef__uid_t uid_t; /* user id */ /usr/include/sys/_types.h:typedef __uint32_t

Re: FDE on BeagleBone Black

2016-09-28 Thread Jonathan Gray
On Wed, Sep 28, 2016 at 10:22:10AM +0200, Stefan Sperling wrote: > On Wed, Sep 28, 2016 at 06:48:35AM +0200, L.R. D.S. wrote: > > Hi, > > I'm thinking of buying a new toy board like BeagleBone Black to test the > > armv7 port. > > It's already possible to do full disk encryption on these boards?

Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Peer Janssen
On 28.09.2016 at 11:33, Peer Janssen wrote: > the request seems to be constructed in different ways. This goes > beyond what tftpd man page says about tftpd's options. Indeed, it > looks like there aren't any tftpd options for this kind of variation > at all, so it seems to me at this time that a

Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Solène Rapenne
On 2016-09-28 11:05, Peer Janssen wrote: On 28.09.2016 at 10:50, Solène Rapenne wrote: On 2016-09-28 10:21, Peer Janssen wrote: The target system for an OpenBSD 6.0 install, an alix.2d13, is directly connected to an alix.3x box serving dhcp and tftp. alix.3x (Server): # tftp localhost

Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Peer Janssen
On 28.09.2016 at 11:05, Peer Janssen wrote: > On 28.09.2016 at 10:50, Solène Rapenne wrote: >> On 2016-09-28 10:21, Peer Janssen wrote: >>> The target system for an OpenBSD 6.0 install, an alix.2d13, is directly >>> connected to an alix.3x box serving dhcp and tftp. >>> alix.3x (Server): >>>

Re: Route add - too many levels of symbolic links

2016-09-28 Thread Bryan Linton
On 2016-09-27 20:00:04, Dekker wrote: > I have started encountering a weird problem with my OpenBSD Laptop > Running 6.0 Current (latest snapshot 25.09.2016) > I run OpenVPN to connect this laptop to a remote server and I get the > following output. > [snip] > I also

State of IPsec, iked (OpenIKED) and redundancy (CARP)

2016-09-28 Thread Jasper Siepkes
Hi everyone @ misc! I'm trying to determine what the state is of using iked (OpenIKED) with redundancy (with CARP). Should such a setup work in OpenBSD 6.0? The iked.conf (5) man page implies that using CARP for redundancy is a supported configuration: "This option is used for setups using

Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Peer Janssen
On 28.09.2016 at 10:50, Solène Rapenne wrote: > On 2016-09-28 10:21, Peer Janssen wrote: >> The target system for an OpenBSD 6.0 install, an alix.2d13, is directly >> connected to an alix.3x box serving dhcp and tftp. >> alix.3x (Server): >> >> # tftp localhost >> tftp> get pxeboot >> Received

traceroute and pf

2016-09-28 Thread johnw
Hi, I have some problem setup pf, to pass out traceroute with user keyword. below rule do WORK. pass out quick on $ext_if inet proto udp from ($ext_if) to any or below one also WORK. pass out quick on $ext_if inet proto udp from ($ext_if) to any user != 1 but below one, do NOT WORK. pass

Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Solène Rapenne
On 2016-09-28 10:21, Peer Janssen wrote: The target system for an OpenBSD 6.0 install, an alix.2d13, is directly connected to an alix.3x box serving dhcp and tftp. alix.3x (Server): # tftp localhost tftp> get pxeboot Received 81965 bytes in 0.1 seconds tftp> Hello, Can you try the LAN ip

Re: FDE on BeagleBone Black

2016-09-28 Thread Stefan Sperling
On Wed, Sep 28, 2016 at 06:48:35AM +0200, L.R. D.S. wrote: > Hi, > I'm thinking of buying a new toy board like BeagleBone Black to test the > armv7 port. > It's already possible to do full disk encryption on these boards? I don't think the armv7 bootloader has softraid support at present. You

tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Peer Janssen
The target system for an OpenBSD 6.0 install, an alix.2d13, is directly connected to an alix.3x box serving dhcp and tftp. alix.3x (Server): # dmesg | head -n 1 OpenBSD 6.0 (GENERIC) #1917: Tue Jul 26 12:48:33 MDT 2016 # ifconfig vr0 vr0:

Re: FDE on BeagleBone Black

2016-09-28 Thread ludovic coues
Simply go to your favorite openbsd mirror and check the packages directory. You will get up to date information about what packages are available and which are not. From what I've seen, there is no package for armv7 / openbsd6.0. I haven't checked snapshots. 2016-09-28 6:48 GMT+02:00 L.R. D.S.

Large datasize - how to limit physical memory?

2016-09-28 Thread Raimo Niskanen
Dear misc@ I have searched the archives and read the documentation of login.conf(5), ksh(1):ulimit and can not find how to limit the amount of physical memory a process may use. I have the following limits where I have set down ulimit -m and ulimit -l to 1 kbytes in an attempt to limit the