Re: Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch

I think the confusion here is that your test program below has a bug - your RST packet is invalid so it's not closing the socket on the other side. If you look at how a normal RST is generated normally: 17:13:42.626365 IP src.26057 > dst.22: Flags [S], seq 472216885, win 65535, length 0 17:13:4

Re: Atom C2758 - loading aesni(4) reduces performance

> On May 24, 2015, at 5:44 PM, John-Mark Gurney wrote: > > If you have cryptodev loaded, this is to be expected as OpenSSL will > use /dev/crypto instead of the AES-NI instructions.. Just don't load > cryptodev and you'll be fine.. > So to make sure I’m understanding… openssl has native AES-N

Re: Atom C2758 - loading aesni(4) reduces performance

n example: > > % freebsd-version > 10.1-RELEASE-p10 > > % openssl version > OpenSSL 1.0.1l-freebsd 15 Jan 2015 > > % /usr/local/bin/openssl version > OpenSSL 1.0.2a 19 Mar 2015 > > On Sun, May 24, 2015 at 12:22 PM, Kevin Day wrote: >> >> I’ve got an

Atom C2758 - loading aesni(4) reduces performance

I’ve got an Atom C2758 system: CPU: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz (2400.06-MHz K8-class CPU) Origin = "GenuineIntel" Id = 0x406d8 Family = 0x6 Model = 0x4d Stepping = 8 Features=0xbfebfbff Features2=0x43d8e3bf AMD Features=0x28100800 AMD Features2=0x101 Standard Exten

Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp

> Affects:All supported versions of FreeBSD. > Corrected: 2014-04-30 04:04:20 UTC (stable/8, 8.4-STABLE) > 2014-04-30 04:05:47 UTC (releng/8.4, 8.4-RELEASE-p9) > 2014-04-30 04:05:47 UTC (releng/8.3, 8.3-RELEASE-p16) > 2014-04-30 04:04:20

Re: FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver [REVISED]

On Apr 29, 2013, at 4:56 PM, FreeBSD Security Advisories wrote: > II. Problem Description > > When processing READDIR requests, the NFS server does not check that > it is in fact operating on a directory node. An attacker can use a > specially modified NFS client to submit a READDIR request o

Re: seeding dev/random in 5.5

On Aug 8, 2006, at 12:34 PM, Doug Barton wrote: (if doing this from an unattended bootup, expecting the 300 second timeout, I find that sshd does not start!) I cannot imagine a scenario where a competent system administrator would do a clean install on a machine, reboot it, and then just wal

Re: Repeated attacks via SSH

On Oct 2, 2005, at 5:01 PM, Brett Glass wrote: Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a