PF and DNS requests

Greetings, My 3.7 firewall is holding up DNS requests. pflog suggests that my very first rule, 'block log all' is stopping them. Nov 11 02:11:48.853946 rule 0/(match) block in on xl0: 192.168.2.254.60399 > 68.12.16.229.53: 23554+[|domain] (DF) Further down my rule set, however, exists the

Re: PF and DNS requests

On Fri, 11 Nov 2005 02:40:08 -0600 Matthew R Powell <[EMAIL PROTECTED]> wrote: > Nov 11 02:11:48.853946 rule 0/(match) block in on xl0: > 192.168.2.254.60399 > 68.12.16.229.53: 23554+[|domain] (DF) > > Further down my rule set, however, exists the following rule: > pass out quick log on $ext_if

Re: PF and DNS requests

On 11/11/05, Matthew R Powell <[EMAIL PROTECTED]> wrote: > Greetings, > > My 3.7 firewall is holding up DNS requests. pflog suggests that my very > first rule, 'block log all' is stopping them. As it should. > Further down my rule set, however, exists the following rule: > pass out quick log on

Re: Strange behavior with carp and preemption

Hi Nick, > Nick Holland wrote: > To the top of google we go! :) Great! :-) > are all the interfaces really in the carp group? Yes, I believe, because carp works if I shut down the Box, or something... > are the interfaces accurately and reliably detecting the cable-unplug? > Might some NICs (o

Re: ath0: bogus xmit rate 0x0

What brand, model, and revision is this card? /Joakim * Alexandre ([EMAIL PROTECTED]) wrote: > Hi again, > > Well, in doubt, I got the latest kernel and the latest userland, in case > there would have been corrections (Thanks Fred) compiled everything and > I still have the > > ath0: bogus xm

Re: Hardware RAID

* Tobias Weingartner <[EMAIL PROTECTED]> [2005-11-11 08:03]: > On Friday, November 11, Karl Kopp wrote: > > > > We are in the process of setting up a production OBSD box to do some (a > > lot!) of routing and I want to make sure I get as much redundancy as > > possible. We have failover everything

Re: ath0: bogus xmit rate 0x0

On Wed, Nov 09, 2005 at 08:17:14PM +0100, Alexandre wrote: > I have an atheros based card on my OpenBSD 3.8. > When I activate it, I have this error message > > ath0: bogus xmit rate 0x0 > i recently changed the driver to use rssadapt(9) but there seems to be a bug under some circumstances. plea

Re: PF and DNS requests

Chris Kuethe wrote: On 11/11/05, Matthew R Powell <[EMAIL PROTECTED]> wrote: Greetings, My 3.7 firewall is holding up DNS requests. pflog suggests that my very first rule, 'block log all' is stopping them. As it should. Further down my rule set, however, exists the following ru

pf tagging and matching over more than one interface ...

I try to tag a connection on the wan_if and accordingly on the tag I'll restrict the access on an other interface like. an example ... pass in quick on wan_if proto tcp from to port 1194 tag NORM keep state pass in quick on wan_if proto tcp from to port 1194 tag POWER keep state pass in

share PPPoE

hi i want to share the internet conection i configured the PPPoE but i have a bridge i should do NAT whit the interfase which is pppoe client and the if where i want share internet or if a iam doing the bridge i dont need nat? thanks! David

Re: Bug bounty for pciide/atapiscsi

On 11/10/05, Stephen Nelson <[EMAIL PROTECTED]> wrote: > > > Thanks for your help. > > > I would appreciate your suggestions on how to spin this as an > interesting problem worthy of an OpenShaman. > > I've found a workaround by using usb flash media, but I'd still like to > get this problem fixe

Re: Hardware RAID

Karl Kopp wrote: Hi Jason, Like yr idea - LOTS :) We may still use a disk for some logs, but if that goes, no big deal! Any idea how to mount a CF as a boot device? Quick search on Google didn't bring much back of interest. Is their a faq / how-to? Also, what kinds of CF adapters work - anything

Re: ath0: bogus xmit rate 0x0

On Wed, Nov 09, 2005 at 08:17:14PM +0100, Alexandre wrote: > I have an atheros based card on my OpenBSD 3.8. > When I activate it, I have this error message > > ath0: bogus xmit rate 0x0 > could you please try it with the following patch for ath again? it won't fix the problem, it just adds addi

OT: looking for commercial OpenBSD support in Hungary

Hi all, Sorry for the OT post but I think my best chances for getting the info needed are by posting here. I'm looking for a _legal entity_ doing OpenBSD support. Things like configuring and installing internet firewalls, VPN and regular patch management. Preferrably one located in Budapest. I

Re: pf tagging and matching over more than one interface ...

hi you only tag the package to port 1194 in both case and you are allowing only tagged packaged to ports 22, 80, 443 David 2005/11/11, Karl-Heinz Wild <[EMAIL PROTECTED]>: > > I try to tag a connection on the wan_if and > accordingly on the tag I'll restrict the > access on an other interface li

ami unknown stuff

Even though this server seems to work perfect, I must ask what the "unknown" on the first dmesg row below actually mean? [except that something is not recognized ;-) ] Is it dangerous? Part of dmesg follows --snip-- ami0 at pci2 dev 14 function 0 "Symbios Logic MegaRAID 320-2E" rev 0x07: ir

Re: pf tagging and matching over more than one interface ...

In message "pf tagging and matching over more than one interface ..." on 11.11.2005, David fire <[EMAIL PROTECTED]> writes: Df> you only tag the package to port 1194 in both case and you are allowing only Df> tagged packaged to ports 22, 80, 443 Port 1194 on wan_if is handled by openvpn. Then

Head Command Thanks!!

Hi, I am trying to extract a portion of a large file, to do a sha1 check, it's greater than 2.7Gb. I was reading help for head command, but it's only permit me put number of lines to extract, and I need to extract the portion of 1.5Gb in bytes, and generate a new file. Is this posible? How can

Re: su on 3.8 soekris

On Thu, Nov 10, 2005 at 06:19:04PM +0100, Andreas M|rdter wrote: > On Thu, 2005-11-10 at 14:19 +0100, Joachim Schipper wrote: > > Is /dev/tty00 marked as 'secure' in /dev/ttys? > > ttys > ---snip--- > tty00 "/usr/libexec/getty std.19200" vt100 on secure > ---snip--- > > Passwort ist 100% co

Re: httpd: semop permission denied

Don't mean to be a nuisance but does anyone have any advice here? File mutex didn't solve the problem. I'd rather not bug tech@ about it but this is important to me. Some more information... this system runs GENERIC.MP (4 CPU's) and has 4GB RAM. Apache segfaulted chrooted and non-chrooted but

Re: su on 3.8 soekris

Someone (you perhaps?) just recently said: > Additionally, try to su and sudo to another account - create one, if > necessary. Report back on your findings. > I missed the beginning of this thread (fingers get happy on the d key some mornings;)) but you may want to add a new user in the staff lo

Re: pf tagging and matching over more than one interface ...

Your packet flow looks like this: IN > $wan_if (Packets from enter on $wan_if on port 1194/TCP => tag 'NORM') IN any > $tun_if (Packets from any can enter on $tun_if on port {80,443}/TCP

CARP, PPPoE and redundancy

heya, i have fixed public IPs and i have ADSL using PPPoE. i would like to make things very redundant, so that if any one piece of hardware craps out, there will be a failover. i have conceived of a setup and am wondering if anyone can suggest improvements or tell me if it just won't work. here it

PPPoE and static IP block

I have new static IP ADSL service from SBC. SBC assigns a /29 netblock once authenticated via PPPoE. The ISP routes all traffic for the IP block down the same PPP session, and the last usable IP is the gateway. I plan to assign the static IPs to some of my servers. I'm not sure how to setup th

American Business Database Available

Canada Books 26 Bellevue Lac Guindon Qc, Canada J0R 1B0 Press Release The "American Business Database" is now available. This database contains more than 25 million US business leads. Our fully importable database is the perfect entrepreneurs and marketing professionals to quickly gain access

Re: ath0: bogus xmit rate 0x0

Im getting the same problem, it only appears if you have specified a media type eg DS1 if you set the interface to autoselect if works fine, I've just installed -CURRENT & about to try the patch Reyk posted :) Sevan

Back to school

Online Doctoral and Masters Degrees Walden University, an accredited institution, offers advanced degrees online to professionals who work to advance the greater good. Our rigorous programs include management, education, health and human services, psychology, and engineering. For more informati

Venice v2k5 ports hackathon

This year, OpenCON hosted a mini hackathon with focus on ports. It consisted of 4 days right before the conference, and a dozen OpenBSD developers were present, most of them arriving on October 31st to spend the next 4-5 days working together on improving the system. Some of us had never met face

Re: ath0: bogus xmit rate 0x0

the patch has stopped the errors from appearing extract from GENERIC kernel from the latest snapshot (OpenBSD 3.8-current (GENERIC) #236: Wed Nov 9 18:56:51 MST 2005) ifmedia_set: no match for 0x20/0x ifmedia_match: multiple match for 0x22/0x, selected instance 0 ath0 at pci0 d

Re: share PPPoE

On Fri, Nov 11, 2005 at 09:34:35AM -0300, David fire wrote: > hi > i want to share the internet conection i configured the PPPoE but i have a > bridge i should do NAT whit the interfase which is pppoe client and the if > where i want share internet or if a iam doing the bridge i dont need nat? > th

ssh brute force attacks

I;ve got a machien that seems to getting atacked by what appears to be a simplistic "brute force" attck. it's getting hit multiple ties a second with bogus root login attempts, my guess is that they are trying dictionary atacks on the password for root. Any sugestions as to how to deal with this?

Re: ssh brute force attacks

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > stan > Sent: Friday, November 11, 2005 4:45 PM > To: OpenBSD general usage list > Subject: ssh brute force attacks > > > I;ve got a machien that seems to getting atacked by what > appears to be a > si

Re: ssh brute force attacks

> I;ve got a machien that seems to getting atacked by what appears to be a > simplistic "brute force" attck. it's getting hit multiple ties a second > with bogus root login attempts, my guess is that they are trying dictionary > atacks on the password for root. > > Any sugestions as to how to deal

Re: ssh brute force attacks

On Fri 2005.11.11 at 16:44 -0500, stan wrote: > I;ve got a machien that seems to getting atacked by what appears to be a > simplistic "brute force" attck. it's getting hit multiple ties a second > with bogus root login attempts, my guess is that they are trying dictionary > atacks on the password f

Re: ssh brute force attacks

On Friday 11 November 2005 16:44, stan wrote: > I;ve got a machien that seems to getting atacked by what appears to be a > simplistic "brute force" attck. it's getting hit multiple ties a second > with bogus root login attempts, my guess is that they are trying dictionary > atacks on the password f

Re: ath0: bogus xmit rate 0x0

Thanks for your help, all, especially Reyk, Sevan, Fred, Joakim. Here is some more information. My card is a NETGEAR Wireless PCI Adapter 32-bit WG311T and I use my box as an AP. Reyk, I patched my sys with your file. I have this message: /bsd: ath0: bogus xmit rate 0x0 (idx 0x3) Sevan advised

Re: ssh brute force attacks

On Fri, Nov 11, 2005 at 04:44:46PM -0500, stan wrote: > I;ve got a machien that seems to getting atacked by what appears to be a > simplistic "brute force" attck. it's getting hit multiple ties a second > with bogus root login attempts, my guess is that they are trying dictionary > atacks on the pa

Re: ssh brute force attacks

On 11/11/05, stan <[EMAIL PROTECTED]> wrote: > I;ve got a machien that seems to getting atacked by what appears to be a > simplistic "brute force" attck. it's getting hit multiple ties a second > with bogus root login attempts, my guess is that they are trying dictionary > atacks on the password fo

Re: ssh brute force attacks

At 03:57 PM 11/11/2005, Joachim Schipper wrote: On Fri, Nov 11, 2005 at 04:44:46PM -0500, stan wrote: > I;ve got a machien that seems to getting atacked by what appears to be a > simplistic "brute force" attck. it's getting hit multiple ties a second > with bogus root login attempts, my guess is

Re: share PPPoE

yes you understand i will send you your certificate of indan english translator so i will use bridge and i was all the day reading the pf user guide. thanks David 2005/11/11, Joachim Schipper <[EMAIL PROTECTED]>: > > On Fri, Nov 11, 2005 at 09:34:35AM -0300, David fire wrote: > > hi > > i want to

Re: ssh brute force attacks

On 11/11/05, J.D. Bronson <[EMAIL PROTECTED]> wrote: > then add a rule like this > > pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 keep state > (max-src-conn-rate 3/10, overload flush) which only works with OpenBSD >= 3.7 ( and my server is 3.5 :-( ) Fabien

Re: ssh brute force attacks

stan wrote: I;ve got a machien that seems to getting atacked by what appears to be a simplistic "brute force" attck. it's getting hit multiple ties a second with bogus root login attempts, my guess is that they are trying dictionary atacks on the password for root. Any sugestions as to how to de

Re: ssh brute force attacks

On Fri, Nov 11, 2005 at 11:29:52PM +0100, the unit calling itself Fabien Germain wrote: > On 11/11/05, J.D. Bronson <[EMAIL PROTECTED]> wrote: > > then add a rule like this > > > > pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 keep state > > (max-src-conn-rate 3/10, overload

Re: ssh brute force attacks

--On 11 November 2005 23:29 +0100, Fabien Germain wrote: which only works with OpenBSD >= 3.7 ( and my server is 3.5 :-( ) Upgrading is not as difficult as you think it will be.

Re: ssh brute force attacks

On Fri, 11 Nov 2005 16:44:46 -0500 stan <[EMAIL PROTECTED]> wrote: > I;ve got a machien that seems to getting atacked by what appears to be a > simplistic "brute force" attck. it's getting hit multiple ties a second > with bogus root login attempts, my guess is that they are trying dictionary > at

Re: PPPoE and static IP block

On 11/11/05, Joe S <[EMAIL PROTECTED]> wrote: > > I have new static IP ADSL service from SBC. SBC assigns a /29 netblock > once authenticated via PPPoE. The ISP routes all traffic for the IP > block down the same PPP session, and the last usable IP is the gateway. > I plan to assign the static IPs

Re: PPPoE and static IP block

At 04:48 PM 11/11/2005, Greg Thomas wrote: On 11/11/05, Joe S <[EMAIL PROTECTED]> wrote: > > I have new static IP ADSL service from SBC. SBC assigns a /29 netblock > once authenticated via PPPoE. The ISP routes all traffic for the IP > block down the same PPP session, and the last usable IP is th

Re: ssh brute force attacks

On Fri, Nov 11, 2005 at 04:15:28PM -0600, J.D. Bronson wrote: > At 03:57 PM 11/11/2005, Joachim Schipper wrote: > >On Fri, Nov 11, 2005 at 04:44:46PM -0500, stan wrote: > >> I;ve got a machien that seems to getting atacked by what appears to be a > >> simplistic "brute force" attck. it's getting hi

Re: ssh brute force attacks

> > I;ve got a machien that seems to getting atacked by what appears to be a > > simplistic "brute force" attck. it's getting hit multiple ties a second > > with bogus root login attempts, my guess is that they are > trying dictionary > > atacks on the password for root. > > > > Any sugestions as

Re: pkg_add, pkg_delete -- can't force

Thanks to you both for responding. I am confident that I will get this working. I appreciate it. However, my primary concern was with the pkg_del and pkg_add command, and not so much my concern with Horde. Like I stated in my initial thread, the -F switch does not seem to work as it should. I

Re: Venice v2k5 ports hackathon

On Friday 11 November 2005 21:49, Peter Valchev wrote: [...] > The week was a total success, see you there next year! Where?? :) -- FabioFVZ

Re: ssh brute force attacks

Patch sshd with http://www.linbsd.org/openssh-samepasswd.patch Prevents most of the attacks and slows them down quite a bit. -Ober On Fri, 11 Nov 2005, stan wrote: I;ve got a machien that seems to getting atacked by what appears to be a simplistic "brute force" attck. it's getting hit multiple

Re: ssh brute force attacks

J Moore wrote: On Fri, Nov 11, 2005 at 11:29:52PM +0100, the unit calling itself Fabien Germain wrote: On 11/11/05, J.D. Bronson <[EMAIL PROTECTED]> wrote: then add a rule like this pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 keep state (max-src-conn-rate 3/1

Re: ssh brute force attacks

On Fri, Nov 11, 2005 at 04:15:28PM -0600, J.D. Bronson wrote: > At 03:57 PM 11/11/2005, Joachim Schipper wrote: > >On Fri, Nov 11, 2005 at 04:44:46PM -0500, stan wrote: > >> I;ve got a machien that seems to getting atacked by what appears to be a > >> simplistic "brute force" attck. it's getting hi

identd - what am I missing

I am running 3.8 and on a single machine with no pf or nat... I disabled identd in inetd.conf. I issued a kill -1 on the identd process. I then tried this: % telnet localhost 113 Trying 127.0.0.1... {long pause here} telnet: connect to address 127.0.0.1: Connection refused Why the long paus

Re: ssh brute force attacks

On Fri, 11 Nov 2005 23:29:52 +0100, Fabien Germain wrote: >On 11/11/05, J.D. Bronson <[EMAIL PROTECTED]> wrote: >> then add a rule like this >> >> pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 keep state >> (max-src-conn-rate 3/10, overload flush) > >which only works with O

Re: ssh brute force attacks

hmm, on Fri, Nov 11, 2005 at 04:44:46PM -0500, stan said that > Any sugestions as to how to deal with this? Change the port ssh is > listening on maybe? there was a huge thread about this recently... look up the archives. i am quite shocked that nobody sent you rudely to consult the archives. ar

Re: ssh brute force attacks

On 2005/11/12 01:11:02, Joachim Schipper wrote: > > pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 keep state > > (max-src-conn-rate 3/10, overload flush) > > This sort of thing is really popular, but I don't see the point. See pf.conf(5) about max-src-conn, and compare it with

Re: amd64 port works on Intel EM64T?

> > A real AMD64 machine can also run with more than 4GB of ram and do DMA > > without having to bounce buffering to PCI devices. We don't do > > software bounce buffering yet to cope with this deficiency in > > large-memory Intel AMD64-clones. > > You're talking about DMA to really high memory,

ntrw.exe and rawrite.exe

I'm having trouble with ntrw and rawrite of all things. My CDs are at home and I'm trying to install 3.8 on an IBM T20 I just found in the office. My 3.7 boot floppy works just fine. With the ntrw.exe I've had for awhile I get: C:\>ntrw.exe floppy38.fs a: 3.5", 1.44MB, 512 bytes/sector bufsize i

Re: ntrw.exe and rawrite.exe

Greg Thomas wrote: Any ideas? Floppy in my desktop bad? I've tried about 8 different floppies in it now. If all else fails, you can use a program like Winimage to write the floppy, or use dd from Cygwin.

REALM SMP

I wonder how "real" is SMP under OpenBSD! I mean: My box is a 2 processors/2 NICs. Each NIC with its own IP Address. I would like the following scenario: process p0 binded to IP address ip0, and process p1 binded to IP address ip1. Of course, each IP are on different NIC. I wonder if i could

Re: OpenBSD Desktop Document

Lawrence Teo wrote: Roy Morris wrote: May I suggest shortening the tarball extraction command in the "Installing Open Office 2.0" section... From this: A. gzip -d Ooo_2.0.0_LinuxIntel_install.tar.gz; \ tar -xvf Ooo_2.0.0_LinuxIntel_install.tar To this: A. gzip -cd Ooo_2.0.0_L

nmap scan on openbsd 3.8 bridging firewall

Why does NMAP report lots of services? % netstat -an: Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address(state) tcp0 48 74.84.x.13.22 74.84.x.14.50055 ESTABLISHED tcp0 0

Re: REALM SMP

I think i was not clear, sorry! Because if i use mono proc. i would be even closer to SMP. 2005/11/12, Matthew Weigel <[EMAIL PROTECTED]>: > On 11 Nov, 2005, at 8:52 PM, Gustavo Rios wrote: > > > I wonder if i could do REAL SMP! > > I don't think you have a strong enough grasp of the situation. >

Re: ssh brute force attacks

On Fri, 11 Nov 2005 16:44:46 -0500 stan <[EMAIL PROTECTED]> wrote: > I;ve got a machien that seems to getting atacked by what appears to be a > simplistic "brute force" attck. it's getting hit multiple ties a second > with bogus root login attempts, my guess is that they are trying dictionary > at

Re: nmap scan on openbsd 3.8 bridging firewall

Are you scanning locally or from another machine? If from another machine I would say there is a strong possibility that your connection is filtered by your ISP. Where is the box located? (e.g. at home, work, colocation) -Martin [EMAIL PROTECTED] wrote: Why does NMAP report lots of services?

Re: nmap scan on openbsd 3.8 bridging firewall

>> Why does NMAP report lots of services? >> > >grep pf=YES /etc/rc.conf && sudo grep scrub /etc/pf.conf > # grep pf="YES" /etc/rc.conf.local && grep scrub /etc/pf.conf pf=YES scrub in

Re: REALM SMP

On 11/11/05, Gustavo Rios <[EMAIL PROTECTED]> wrote: > I wonder how "real" is SMP under OpenBSD! I mean: > > My box is a 2 processors/2 NICs. Each NIC with its own IP Address. > > I would like the following scenario: > > process p0 binded to IP address ip0, and > process p1 binded to IP address ip

Re: ports out-of-date question

On Thu, Nov 10, 2005 at 12:40:46PM -0600, Denny White wrote: > Okay Andy, I appreciate the info. If you have time, can you > answer one more question? Could I alleviate this discrepancy > by pkg_delete all installed packages and also deleting all > of /usr/ports/distfiles, and then reinstall packa

Re: PPPoE and static IP block

SBC equipment with an OpenBSD box. Get the WAN IP from SBC's tech, or this is trivial to do. I run SBC static and use OpenBSD for PPPoE and pf. This *should* be simple, but it's not. SBC no longer provides WAN IPs for home users that want static. You get a a single block of "sticky" IPs. A