Re: Funny slogans to put on tshirts
On Fri, Oct 31, 2008 at 10:51 AM, Mel [EMAIL PROTECTED] wrote: On Friday 31 October 2008 10:29:35 you wrote: It's my friend's birthday tomorrow. I was thinking I'd make him a tshirt with some funny slogan on it or something. Preferably something UNIX related. But I'm all outta ideas. Perhaps y'all can help? Alright, much obliged, thanks. http://shop.cafepress.com/design/6684711 -- Mel Hahaha -- http://www.home.no/reddvinylene
Funny slogans to put on tshirts
Hello guys, It's my friend's birthday tomorrow. I was thinking I'd make him a tshirt with some funny slogan on it or something. Preferably something UNIX related. But I'm all outta ideas. Perhaps y'all can help? Alright, much obliged, thanks. -- http://www.home.no/reddvinylene
Re: pf to block against DDoS?
On Mon, Sep 22, 2008 at 10:36 AM, Lars Noodin [EMAIL PROTECTED]wrote: Redd Vinylene wrote: ... You can also use two tables so that the first overload gets shunted to a slow queue and given a second chance before ending up in the second table which gets blocked. ... Lars Noodin: Would you happen to have an example of that? Not really, here is an illustration of how it might be approached: http://www-personal.umich.edu/~lars/PF/pf.ssh-2tables.confhttp://www-persona l.umich.edu/%7Elars/PF/pf.ssh-2tables.conf I expect that the last-rule-matched takes care of the decision. The However, there might be some divergence between what I think it does and what it really does. Another question is, in which cases is that useful? Regards -Lars This has been a very interesting example, Lars. Thanks a lot for sharing! As for your last question though, I think I know what you mean. It is to say, should a rapist really be given a second chance? -- http://www.home.no/reddvinylene
Re: pf to block against DDoS?
From: Redd Vinylene [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: pf to block against DDoS? Date: Thursday, September 4, 2008 - 3:23 pm Hello hello! I was quite shocked today when I heard I could use pf to block against DDoS attacks, using Stateful Tracking Options, http://www.openbsd.org/faq/pf/filter.html#stateopts. But does anybody have any nice setups of this they'd want to share? From: Oliver Peter [EMAIL PROTECTED] To: Redd Vinylene [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: pf to block against DDoS? Date: Thursday, September 4, 2008 - 4:20 pm ... nice cross-post. I can recommend reading through this as well: http://www.bgnett.no/~peter/pf/en/bruteforce.html -- Oliver PETER, email: [EMAIL PROTECTED], ICQ# 113969174 If it feels good, you're doing something wrong. -- Coach McTavish From: Peter N. M. Hansteen [EMAIL PROTECTED] To: Oliver Peter [EMAIL PROTECTED] Cc: Redd Vinylene [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: pf to block against DDoS? Date: Friday, September 5, 2008 - 1:54 am Thanks for recommending that! However I would generally recommend the maintained version which is up at lt;http://home.nuug.no/~peter/pf/gt ;, with the direct link to the part about state tracking and bruteforcers at lt;http://home.nuug.no/~peter/pf/en/bruteforce.htmlgt;. (and of course there's the book, nudge, nudge) - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic From: Lars Noodin [EMAIL PROTECTED] To: Oliver Peter [EMAIL PROTECTED] Cc: Redd Vinylene [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: pf to block against DDoS? Date: Thursday, September 4, 2008 - 4:50 pm You can also use two tables so that the first overload gets shunted to a slow queue and given a second chance before ending up in the second table which gets blocked. -Lars Much obliged to all y'all gentlemen for your valuable design insight. Now, is there anything more I can do to secure my webserver from attacks? Or perhaps my pf.conf can be simplified / beautified? Peter N. M. Hansteen: Did I follow your tutorial correctly? Lars Noodin: Would you happen to have an example of that? My pf.conf now looks like this: - ext_if = rl0 int_if = ep0 set block-policy return set skip on { lo0 } scrub in table bruteforce persist nat on $ext_if from $int_if:network to any - ($ext_if) rdr on $ext_if proto tcp from any to any port 3 - 192.168.187.2 port 3 pass out keep state pass quick on $int_if block in block quick from bruteforce pass in on $ext_if inet proto tcp from any to any port { 20, 21, 25, 53, 113, 3:35000 } keep state (max-src-conn 100, max-src-conn-rate 15/5, overload bruteforce flush global) pass in on $ext_if inet proto tcp from any to any port 22 keep state (max-src-conn 15, max-src-conn-rate 5/3, overload bruteforce flush global) pass in on $ext_if inet proto udp from any to any port 53 keep state pass in on $ext_if inet proto icmp from any to any keep state - Have a great week! Cheers! -- http://www.home.no/reddvinylene
Re: pf to block against DDoS?
From: Redd Vinylene [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: pf to block against DDoS? Date: Thursday, September 4, 2008 - 3:23 pm Hello hello! I was quite shocked today when I heard I could use pf to block against DDoS attacks, using Stateful Tracking Options, http://www.openbsd.org/faq/pf/filter.html#stateopts. But does anybody have any nice setups of this they'd want to share? From: Oliver Peter [EMAIL PROTECTED] To: Redd Vinylene [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: pf to block against DDoS? Date: Thursday, September 4, 2008 - 4:20 pm ... nice cross-post. I can recommend reading through this as well: http://www.bgnett.no/~peter/pf/en/bruteforce.html -- Oliver PETER, email: [EMAIL PROTECTED], ICQ# 113969174 If it feels good, you're doing something wrong. -- Coach McTavish From: Peter N. M. Hansteen [EMAIL PROTECTED] To: Oliver Peter [EMAIL PROTECTED] Cc: Redd Vinylene [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: pf to block against DDoS? Date: Friday, September 5, 2008 - 1:54 am Thanks for recommending that! However I would generally recommend the maintained version which is up at lt;http://home.nuug.no/~peter/pf/gt ;, with the direct link to the part about state tracking and bruteforcers at lt;http://home.nuug.no/~peter/pf/en/bruteforce.htmlgt;. (and of course there's the book, nudge, nudge) - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic From: Lars Noodin [EMAIL PROTECTED] To: Oliver Peter [EMAIL PROTECTED] Cc: Redd Vinylene [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: pf to block against DDoS? Date: Thursday, September 4, 2008 - 4:50 pm You can also use two tables so that the first overload gets shunted to a slow queue and given a second chance before ending up in the second table which gets blocked. -Lars Sorry, _this_ is my webserver's pf.conf (the other one was my home firewall's): - mad = 80.202.2.3 doom = { 80.202.2.4 - 80.202.2.127 } ext_if = rl0 set block-policy return set skip on { lo0 } scrub in table bruteforce persist pass out keep state block in block quick from bruteforce pass in on $ext_if inet proto tcp from any to any port 22 keep state (max-src-conn 15, max-src-conn-rate 5/3, overload bruteforce flush global) pass in on $ext_if inet proto tcp from any to $mad port { 25, 53, 80, 110 } keep state (max-src-conn 100, max-src-conn-rate 15/5, overload bruteforce flush global) pass in on $ext_if inet proto udp from any to $mad port 53 keep state pass in on $ext_if inet proto tcp from any to $doom port { 20, 21, 113, 6000: } keep state (max-src-conn 100, max-src-conn-rate 15/5, overload bruteforce flush global) pass in on $ext_if inet proto icmp from any to any keep state - I hope the design adheres to: http://en.wikipedia.org/wiki/KISS_principle -- http://www.home.no/reddvinylene
pf to block against DDoS?
Hello hello! I was quite shocked today when I heard I could use pf to block against DDoS attacks, using Stateful Tracking Options, http://www.openbsd.org/faq/pf/filter.html#stateopts. But does anybody have any nice setups of this they'd want to share? Much obliged, and thanks. -- http://www.home.no/reddvinylene