On Wed, Jun 20, 2007 at 01:27:22AM -0400, Brian A. Seklecki wrote:
Very bizarre. The only advice I can offer is that maybe it's getting
confused on - $nat_if instead of the more-pragmatic - ($nat-if).
The above worked!
Doesn't make sense though. According to pf.conf(5):
nat-rule = [
The OpenBSD PF-MIB stuff is incredibly useful -- especially the
PF-MIB:CarpIFTable objects. Thanks to all involved with that. I've also
had success with Net-SNMP 5.4 (opti@'s version) with those patches; will
try to port them to other PF-enabled OSs soon.
In the mean time, I want to keep
Luca Losio [EMAIL PROTECTED] writes:
Hi all,
I'm having a lot of crashes with my 4.1 since I updated from 4.0 ...the
console output is:
page fault trap code=0
stopped at enqueue_randomness+0xc5addb%al,0(%eax)
ddb
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING
Constantine Kousoulos wrote:
Having a linux background (and a limited NetBSD experience), i expected
to find linker scripts in the kernel source code. However, this is
simply not true for most architectures. What is the logic behind the
lack of linker scripts?
Do you have an actual problem
Constantine Kousoulos [EMAIL PROTECTED] writes:
Having a linux background (and a limited NetBSD experience), i
expected to find linker scripts in the kernel source code. However,
this is simply not true for most architectures. What is the logic
behind the lack of linker scripts?
The same
We have ipsec running on an internal firewall, with packets being
routed to the internal firewall via an external firewall. We wish to
move off of the internal 192.168.11.0/24 network and onto a net-10
network. What pf rules do we need to automatically translate between a
net-10 block and the
* Brian A. Seklecki [EMAIL PROTECTED] [2007-06-20 07:39]:
Very bizarre. The only advice I can offer is that maybe it's getting
confused on - $nat_if instead of the more-pragmatic - ($nat-if).
Perhaps the parse code is trying too hard to resolve $nat_if in the
former, and thus finding the
On Tue, Jun 19, 2007 at 07:05:38PM -0700, Don Scott wrote:
I think Artur Grabowski too easily dismisses the question.
I'd be interested to know if you get any informative responses that
are not also posted to [EMAIL PROTECTED]
Mikulas (the friend) told me the algorithm to hack the root
Yay ! Let's map everything uncached from now on! For great justice!
[I was tempted to write some stuff about how keyboard keycode translation
works in wscons, but it's not worth my time]
Miod
http://www.daemonology.net/papers/htt.pdf
This is the missing link to my post about keyboard security.
CL
On Wed, Jun 20, 2007 at 10:47:43AM +0200, Henning Brauer wrote:
* Brian A. Seklecki [EMAIL PROTECTED] [2007-06-20 07:39]:
Very bizarre. The only advice I can offer is that maybe it's getting
confused on - $nat_if instead of the more-pragmatic - ($nat-if).
Perhaps the parse code is
* Albert Chin [EMAIL PROTECTED] [2007-06-20 11:24]:
On Wed, Jun 20, 2007 at 10:47:43AM +0200, Henning Brauer wrote:
* Brian A. Seklecki [EMAIL PROTECTED] [2007-06-20 07:39]:
Very bizarre. The only advice I can offer is that maybe it's getting
confused on - $nat_if instead of the
On Wed, 20 Jun 2007, Karel Kulhavy wrote:
http://www.daemonology.net/papers/htt.pdf
This is the missing link to my post about keyboard security.
No, it isn't. You can't really compare a public key crypto operation
to someone bashing at a keyboard.
-d
On 6/19/07, Brian A. Seklecki [EMAIL PROTECTED] wrote:
Are you doing something strong with Cryptography?
No, just ssh and apache
Funny, my GENERIC kernel gives me:
OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
Try
Hello.
I have machine with one interface pcn0 and ip 192.168.1.7 and I was
trying to redirect outgoing traffic from it with no success.
My pf rule:
rdr on pcn0 inet proto tcp from pcn0 to 192.168.1.1 port 80 - 192.168.1.10
When I do telnet 192.168.1.1 80 it doesn't redirect traffic.
What am I
what is 192.168.1.10 then?
Hello.
I have machine with one interface pcn0 and ip 192.168.1.7 and I was
trying to redirect outgoing traffic from it with no success.
My pf rule:
rdr on pcn0 inet proto tcp from pcn0 to 192.168.1.1 port 80 - 192.168.1.10
When I do telnet 192.168.1.1 80 it
On Wed, Jun 20, 2007 at 11:40:36AM +0200, Henning Brauer wrote:
* Albert Chin [EMAIL PROTECTED] [2007-06-20 11:24]:
On Wed, Jun 20, 2007 at 10:47:43AM +0200, Henning Brauer wrote:
* Brian A. Seklecki [EMAIL PROTECTED] [2007-06-20 07:39]:
Very bizarre. The only advice I can offer is that
On Wed, 20 Jun 2007 12:00:18 +0200, RafaE Brodewicz [EMAIL PROTECTED] wrote:
Hello.
I have machine with one interface pcn0 and ip 192.168.1.7 and I was
trying to redirect outgoing traffic from it with no success.
My pf rule:
rdr on pcn0 inet proto tcp from pcn0 to 192.168.1.1 port 80 -
It appears that a similar bug was encountered by Debian in 2005. See
http://lists.debian.org/debian-glibc/2005/08/msg00289.html
http://lists.debian.org/debian-glibc/2005/08/msg00311.html
http://lists.debian.org/debian-glibc/2005/08/msg00483.html
This would suggest that it might be a problem
O/H Chris Kuethe ]cqaxe:
Let me spin that around and ask you, what is the logic behind having
linker scripts? If our bootloader can load a simple elf binary (or
maybe one built with a slightly different text address) then why use
linker scripts?
CK
A simple answer to a simple question. Thank
Hi,
I have been experimenting with having a stream from my desktop
computer, so that I can tune in on my PDA while I am cooking in the
kitchen for example.
I have mpd installed nicely. The icecast output module for mpd has
proven too resource intensive for my 1.6gHz (which shocked me), so I
am
Just to follow-up:
I have written a plugin that uses the somewhat complete PHP Net-SNMP
bindings (no getsnmptable() ?!) and the new PF-MIB::CARP Agent
Extensions to Net-SNMP snmpd(8).
I'll post it on NagiosExchange for review if/when I can deploy a
production 4.1-stable system.
~BAS
On Fri,
Miod Vallat [EMAIL PROTECTED] writes:
Yay ! Let's map everything uncached from now on! For great justice!
Yay! Then we can start inlining code again for greater performance!
//art
Karel Kulhavy [EMAIL PROTECTED] writes:
On Tue, Jun 19, 2007 at 07:05:38PM -0700, Don Scott wrote:
I think Artur Grabowski too easily dismisses the question.
I'd be interested to know if you get any informative responses that
are not also posted to [EMAIL PROTECTED]
Mikulas (the
Artur Grabowski [EMAIL PROTECTED] writes:
And guess what. Keyboards use a serial protocol. Which means that
there will be slightly different voltage drops in the system varying
with the keys you press. ZOMG! OpenBSD provides a side channel for
attackers through the sensors framework!
And
Artur Grabowski [EMAIL PROTECTED] writes:
And don't forget the aps(4) sensor on Thinkpads! The accelerometer can
probably measure the acceleration caused by various key strokes and that
acceleration will be different depending on where on the keyboard you hit
(different angles) and with which
On 2007/06/20 14:11, Edd Barrett wrote:
So, mpd is playing through the soundcard, the icecast server is up and
waiting for sources.
There's no mixer/splitter on /dev/audio; unless it's set to non-blocking
it can't be shared. (When it is non-blocking, you can still expect some
fun...see ports@
Hi misc@,
I'm trying to understand how pfctl re-loads rules and tables. On my
soekris board, 64MB RAM, I have a large table with more than 200K
entries. It's used to perform some egress filtering (yes maybe it's
too large but it's really effective). I raised up table-entries limit
to 250K and I
Yay ! Let's map everything uncached from now on! For great justice!
[I was tempted to write some stuff about how keyboard keycode translation
works in wscons, but it's not worth my time]
Miod
You don't have to map keyboard map uncached, just change the way code is
written --- instead of
x =
On Wed, Jun 20, 2007 at 04:00:01PM +0200, Artur Grabowski wrote:
Karel Kulhavy [EMAIL PROTECTED] writes:
On Tue, Jun 19, 2007 at 07:05:38PM -0700, Don Scott wrote:
I think Artur Grabowski too easily dismisses the question.
I'd be interested to know if you get any informative
On Wed, Jun 20, 2007 at 06:14:07PM +0200, Karel Kulhavy wrote:
And guess what. Keyboards use a serial protocol. Which means that
there will be slightly different voltage drops in the system varying
The capacitors and regulator which are made to keep the voltage almost
constant
with a
Karel Kulhavy wrote:
This kind of security design is assuming favourable constellation of
uncontrollable environmental noises to scramble the information we are
knowingly leaking. It's basically a snake oil. We have no proof that under
every conceivable circumstances the noises will be present
On Wed, Jun 20, 2007 at 10:05:25AM -0700, Joe S wrote:
This site has a nice interface to ports: http://ports.openbsd.nu/
But they ports it says are in OpenBSD are not in my tree. Is this
site showing current only?
That site isn't run by the project; I assume it follows -current,
but you could
On 6/20/07, Karel Kulhavy [EMAIL PROTECTED] wrote:
This kind of security design is assuming favourable constellation of
uncontrollable environmental noises to scramble the information we are
knowingly leaking. It's basically a snake oil. We have no proof that under
every conceivable
I recently started messing with SNMP, and I found that attempting to
get it to do active monitoring via snmpd results in a segfault. could
be my box, could be that it's a new implementation, could be bad mojo.
in any event, I decided I'd reached the point of diminishing returns
via
I moved this to the appropriate list.
Please read this page, http://www.openbsd.org/mail.html to see
why it was moved.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Luciano M. Mercucci
Sent: Wednesday, June 20, 2007 11:34 AM
To: [EMAIL PROTECTED]
On Wed, Jun 20, 2007 at 10:05:25AM -0700, Joe S wrote:
I'm running openbsd 4.1-stable. I'm also using cvsup to get/update
ports-stable
[snip]
This site has a nice interface to ports: http://ports.openbsd.nu/
But they ports it says are in OpenBSD are not in my tree. Is this site
On Wednesday 20 June 2007 12:28:28 Darrin Chandler wrote:
On Wed, Jun 20, 2007 at 06:14:07PM +0200, Karel Kulhavy wrote:
And guess what. Keyboards use a serial protocol. Which means that
there will be slightly different voltage drops in the system varying
The capacitors and regulator
On 6/20/07, Matthew Szudzik [EMAIL PROTECTED] wrote:
It appears that a similar bug was encountered by Debian in 2005. See
http://lists.debian.org/debian-glibc/2005/08/msg00289.html
http://lists.debian.org/debian-glibc/2005/08/msg00311.html
I am trying to approximate the maximum number of open TCP connections
that an OpenBSD firewall can support at any given time.
The scenario here is a firewall with 2 interfaces, a bunch of Web
servers behind it on private IP addresses, a fairly simple set of rules
(NAT each server on a public
And guess what. Keyboards use a serial protocol. Which means that
there will be slightly different voltage drops in the system varying
with the keys you press. ZOMG! OpenBSD provides a side channel for
attackers through the sensors framework!
And don't forget the aps(4) sensor on
From previous discussions (search the archives) this has nothing to do
with userland memory available but to kernel data structures.
Also read pf.conf(5) man page:
OPTIONS
pf(4) may be tuned for various situations using the set command.
interval Interval between purging
* Bob Beck wrote:
And guess what. Keyboards use a serial protocol. Which means that
there will be slightly different voltage drops in the system varying
with the keys you press. ZOMG! OpenBSD provides a side channel for
attackers through the sensors framework!
And don't forget
someone already hacked you and sent that message -- be afraid
On 6/20/07, Marc Balmer [EMAIL PROTECTED] wrote:
* Bob Beck wrote:
And guess what. Keyboards use a serial protocol. Which means that
there will be slightly different voltage drops in the system varying
with the keys you
That's ok, you can use my wep enabled wireless keyboard!!
On 6/20/07, Marc Balmer [EMAIL PROTECTED] wrote:
* Bob Beck wrote:
And guess what. Keyboards use a serial protocol. Which means that
there will be slightly different voltage drops in the system varying
with the keys you press.
On 6/20/07, Francesco Toscan [EMAIL PROTECTED] wrote:
when I first load the rules everything works fine;
when I reload the rules with pfctl -f pf.conf, pfctl segfaults or
exits returning Cannot allocate memory as if table-entries limit
were not high enough.
If I first flush the large table and
right. i'm not even sure what the growsdown flag does.
Indeed, Linux doesn't have the same standard of documentation as OpenBSD.
The PROT_GROWSDOWN flag for mprotect is not even mentioned in mprotect's
man page on linux
http://linux.about.com/library/cmd/blcmdl2_mprotect.htm
On 6/18/07, Alexey Suslikov [EMAIL PROTECTED] wrote:
Hello [EMAIL PROTECTED]
As seen in http://wiki.x.org/wiki/IntelGraphicsDriver, xf86-video-i810
is no more and there is xf86-video-intel driver instead.
New driver supports more chipsets including i965 and i945 (aka
GMA 950 which is
On Wed, 20 Jun 2007, Mikulas Patocka wrote:
Yay ! Let's map everything uncached from now on! For great justice!
[I was tempted to write some stuff about how keyboard keycode translation
works in wscons, but it's not worth my time]
Miod
You don't have to map keyboard map uncached,
And guess what. Keyboards use a serial protocol. Which means that
there will be slightly different voltage drops in the system varying
with the keys you press. ZOMG! OpenBSD provides a side channel for
attackers through the sensors framework!
And don't forget the aps(4) sensor on
David Newman [EMAIL PROTECTED] wrote:
Anything else?
perldoc perlsec has a lot of good advice.
--
Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/
4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
I have a problem where I need to know how much traffic has passed on a
given interface. I don't need it broken down by IPs, protocols or
whatever of the sort.
After a bit of research I discovered the SIOCGIFDATA ioctl that seems
to do what I want.
I built myself a little test application to
On Wed, 20 Jun 2007, Jason Dixon wrote:
On Wed, 20 Jun 2007 12:00:18 +0200, RafaE Brodewicz [EMAIL PROTECTED]
wrote:
Hello.
I have machine with one interface pcn0 and ip 192.168.1.7 and I was
trying to redirect outgoing traffic from it with no success.
My pf rule:
rdr on pcn0
I've successfully installed OpenBSD 4.1. I'm new for
OpenBSD therefore
still studying how to update OpenBSD ports tree. How
can i do this?
Please someone tell me quick tips. If give me more
detailed information
i'll be very happy.
--
Best regards,
Erdenebat Guntomor
I've successfully installed OpenBSD 4.1. I'm new for OpenBSD therefore
still studying how to update OpenBSD ports tree. How can i do this?
Please someone tell me quick tips. If give me more detailed information
i'll be very happy.
--
Best regards,
Erdenebat Guntomor
On 6/20/07, Erka Gun [EMAIL PROTECTED] wrote:
I've successfully installed OpenBSD 4.1. I'm new for
OpenBSD therefore
still studying how to update OpenBSD ports tree. How
can i do this?
Please someone tell me quick tips. If give me more
detailed information
i'll be very happy.
Read all of
Ok. So it appears the port I want is in CURRENT ports. Since we're not
supposed to mix CURRENT ports with a STABLE system (or vice-versa), I have
to wait for this port to get included in STABLE, which I'm guessing would be
in 4.2 or build it from scratch.
On 6/20/07, Josh Grosse [EMAIL
On 6/16/07, Marius Hooge [EMAIL PROTECTED] wrote:
Can at least someone tell me, why I get no replies?
probably because nobody can help. sometimes things don't work out.
58 matches
Mail list logo