On 02/04/2006 01:05:17 AM, veins wrote:
I think you are missing the point, cgd and salting are two different and
unrelated things. It's not because cgd isn't making it into OpenBSD,
that salting won't make it into svnd. I'd explain, but frankly after a
night at work i'd rather go and sleep whi
On Wednesday 04 January 2006 02:36, Otto Moerbeek wrote:
>
> On Tue, 3 Jan 2006, Dave Feustel wrote:
>
> > On Tuesday 03 January 2006 17:50, Otto Moerbeek wrote:
> > >
> > > On Tue, 3 Jan 2006, Dave Feustel wrote:
> > >
> > > > On Tuesday 03 January 2006 17:11, J.C. Roberts wrote:
> > > >
> >
On 1/4/06, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On 1/3/06, knitti <[EMAIL PROTECTED]> wrote:
> > cgd gives users some choice over how to build their encrypted partition.
> > you're able to use different ciphers.
> > in the unlikely case of a cipher getting broken, you have the possibility to
>
On 1/3/06, Justin H Haynes <[EMAIL PROTECTED]> wrote:
>
> I really appreciate this work. Until it is complete, here are a few
> quick and dirty things I do to make the upgrade process a little
> easier. Probably common sense to many, but I'll share it all the same:
>
> https://justinhaynes.com/we
Edd Barrett wrote:
I'm taking a university degree that teaches unix system programming in
solaris in the second year.
FWIW, here we scratch the surface too... But I was glad I read the knf
manpage and some code reviews on this list. The c.l.c FAQ was also a
very good resource.
On a tangent,
> > this is really not that useful. why would you pick anything other
> > than "the best" when setting it up?
>
> because no one knows what the best is. blowfish appears to be the best
> at the moment, because it's secure and fast. some other people don't like
> block sizes of 64 bit. so perhaps t
On 4 jan 2006, at 05.57, Jason Dixon wrote:
After some gentle persuading by Adrian Close, I dropped ipsecadm
and went back to automatic key exchange with isakmpd. A quick
configuration based on the east/west and all is good. Same PF
configuration, no changes there except for the addition
To begin, I'm running OpenBSD trim.chrispyfur.net 3.6 GENERIC.MP#173
i386.
I have some suspect files in /tmp, and I'm fairly sure that they
shouldn't be there. Only thing I can't twig is what method the
attackers used to get the files into that directory. The files are:
##
On Jan 4, 2006, at 9:32 AM, Håkan Olsson wrote:
On 4 jan 2006, at 05.57, Jason Dixon wrote:
After some gentle persuading by Adrian Close, I dropped ipsecadm
and went back to automatic key exchange with isakmpd. A quick
configuration based on the east/west and all is good. Same PF
config
Jason Dixon wrote:
On Jan 4, 2006, at 9:32 AM, Håkan Olsson wrote:
On 4 jan 2006, at 05.57, Jason Dixon wrote:
After some gentle persuading by Adrian Close, I dropped ipsecadm and
went back to automatic key exchange with isakmpd. A quick
configuration based on the east/west and all is goo
Looks like you've made some new friends in Manaus, Brazil :-)
-p.
On Wed, Jan 04, 2006 at 02:50:01PM +, Gaby vanhegan wrote:
> To begin, I'm running OpenBSD trim.chrispyfur.net 3.6 GENERIC.MP#173
> i386.
>
> I have some suspect files in /tmp, and I'm fairly sure that they
> shouldn't be
On 1/4/06, Marco Peereboom <[EMAIL PROTECTED]> wrote:
> > because no one knows what the best is. blowfish appears to be the best
> > at the moment, because it's secure and fast. some other people don't like
> > block sizes of 64 bit. so perhaps they take aes, which is slightly slower
> > but encrypt
Hi,
Standard advice is to reinstall the o/s (3.8 ? ;-) and then _data_
only from known good backup. You could use a boot cdrom & dd off an
image of the disk for later analysis if you want first.
Is there some attack vector like php or such available on the
machine ? maybe they used that t
On Wed, 2006-01-04 at 14:50:01 +, Gaby vanhegan proclaimed...
> To begin, I'm running OpenBSD trim.chrispyfur.net 3.6 GENERIC.MP#173
> i386.
>
> I have some suspect files in /tmp, and I'm fairly sure that they
> shouldn't be there. Only thing I can't twig is what method the
> attackers
On 4 Jan 2006, at 15:51, Pete Vickers wrote:
> Standard advice is to reinstall the o/s (3.8 ? ;-) and then _data_
> only from known good backup. You could use a boot cdrom & dd off an
> image of the disk for later analysis if you want first.
It seems that the files have been uploaded, but they
On 4 Jan 2006, at 16:05, eric wrote:
>> I have some suspect files in /tmp, and I'm fairly sure that they
>> shouldn't be there. Only thing I can't twig is what method the
>> attackers used to get the files into that directory. The files are:
>
> Is this doing any A/V scanning? You have told us n
Kim Onnel wrote:
I just don't understand what you're saying
Damn, sorry about that.
- FWIW means "for what (little) it's worth" :-)
- knf is a manpage; actually, I think it's called style in section 9.
- c.l.c. is a Usenet group; the comp.lang.c FAQ has lots of tips and
tricks which I think ar
On Wed, Jan 04, 2006 at 04:07:21PM +, Gaby vanhegan wrote:
> On 4 Jan 2006, at 15:51, Pete Vickers wrote:
> > Is there some attack vector like php or such available on the
> > machine ? maybe they used that to retrieve & write the file?
>
> The messages in the log file indicate that they use
> > To begin, I'm running OpenBSD trim.chrispyfur.net 3.6 GENERIC.MP#173
> > i386.
> >
> > I have some suspect files in /tmp, and I'm fairly sure that they
> > shouldn't be there. Only thing I can't twig is what method the
> > attackers used to get the files into that directory. The files are:
>
On 1/4/06, knitti <[EMAIL PROTECTED]> wrote:
> > this is really not that useful. why would you pick anything other
> > than "the best" when setting it up?
>
> because no one knows what the best is. blowfish appears to be the best
> at the moment, because it's secure and fast. some other people don'
On Wed, Jan 04, 2006 at 05:28:38PM +0100, Joachim Schipper wrote:
> There was a phpBB2 in one of the paths used. If you have phpBB enabled
> somewhere, that's a likely attack vector.
>
I noticed that too. phpBB has been used for many sorts of tricks.
The ISP that I work for scans for it and supp
On 1/4/06, Ted Unangst <[EMAIL PROTECTED]> wrote:
>
> aes has faster key setup, which is important for swap but not for
> svnd. the cvs changelog says as much. swap encryption started out
> using blowfish as well.
i also should have pointed out that swap was converted to using
rijndael, not aes,
On 1/4/06, Karl O. Pinc <[EMAIL PROTECTED]> wrote:
> another point of my post was to indicate that yes, tedu is right
> in that most people _won't_ run CGD (or svnd) but people _still_
> appreciate having the option open. I, like IMO a lot of
> people, have only enough interest to kibbutz in the h
Uwe Dippel wrote:
> On Mon, 02 Jan 2006 14:06:52 +0100, M. Schatzl wrote:
>
>
>>Now that I switched to a 60G disk (cloned the other 2 partitions and the
>>Windows bootsector, then installed OpenBSD anew from the same
>>floppy/mirror as before), OpenBSD won't boot any more, except when I run
>>the
On Wednesday, January 4, Andreas Bartelt wrote:
>
> In my personal opinion, I think, the weakest link is entering the
> password when opening a svnd device. Are there already solutions known
> which combine passwords (knowledge) with hardware devices (i.e.
> smartcards) or biometrics in order t
On 4 Jan 2006, at 16:28, Joachim Schipper wrote:
>> The messages in the log file indicate that they used some command
>> injection in a script to call wget and download the files into /tmp.
>> I'm fairly sure it was via a bad script, and I'm trying to locate
>> which script was used, so far with n
Feh, just have a read-only / with a read/write /home. Then just tell
Dad to pull the plug when he's finished.
FWIW he, and you, will probably go back to windows right quick with
that solution.
On Wed, 4 Jan 2006, Craig Skinner wrote:
On Wed, Jan 04, 2006 at 05:28:38PM +0100, Joachim Schipper wrote:
There was a phpBB2 in one of the paths used. If you have phpBB enabled
somewhere, that's a likely attack vector.
I noticed that too. phpBB has been used for many sorts of tricks.
A re
On Tue, 03 Jan 2006 14:35:12 -0800
Joe S <[EMAIL PROTECTED]> wrote:
> Do you have any recommendations on how I should get started?
> * Community college courses?
> * College courses?
Always helpful, if you're not in full time employment.
> * Self-study books?
Probably the best source of informa
On 1/4/06, Gaby vanhegan <[EMAIL PROTECTED]> wrote:
> Because they're in the default Apache error log, the attacker must
> have hit a website on the machine that doesn't have an ErrorLog
> defined, or they hit the machine by IP instead of a hostname. I got
> a list of sites that have no error log
On 4 Jan 2006, at 16:10, knitti wrote:
> I would think php, but this doesn't explain it unless you turned the
> chroot off.
Due to historical reasons, we're not running apache chrooted. This
is why they're in /tmp rather than /var/www/tmp, or any other place.
Gaby
--
Junkets for bunterish li
From: Gaby vanhegan [mailto:[EMAIL PROTECTED]
> > I would think php, but this doesn't explain it unless you turned the
> > chroot off.
>
> Due to historical reasons, we're not running apache chrooted. This
> is why they're in /tmp rather than /var/www/tmp, or any other place.
Given the securit
Gaby vanhegan wrote:
On 4 Jan 2006, at 16:10, knitti wrote:
I would think php, but this doesn't explain it unless you turned the
chroot off.
Due to historical reasons, we're not running apache chrooted. This
is why they're in /tmp rather than /var/www/tmp, or any other place.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How I can make that non-root (or non-wheel) user's cannot view processes
of other users?
iD8DBQFDvDc+oN5ZK8eGpqMRAoGiAKDGZI9Zs5fy91d5mQK/k92uXcZoAQCg8ciP
rIpVkKsS1nUH3MZgZeTu13Q=
=BSjJ
-END PGP SIGNATURE-
On 4 Feb 2006, at 20:38, veins wrote:
>>> I would think php, but this doesn't explain it unless you turned the
>>> chroot off.
>>
>> Due to historical reasons, we're not running apache chrooted.
>> This is why they're in /tmp rather than /var/www/tmp, or any
>> other place.
>
> historical ?
Hi
Zophie can help you with that:
http://www.0penbsd.com/zophie.html
Best Regards
At 21:59 2006-01-04, you wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How I can make that non-root (or non-wheel) user's cannot view processes
of other users?
iD8DBQFDvDc+oN5ZK8eGpqMRAoGiAKDGZI9Zs5fy91d5m
Hello I have two openbsd 3.8 boxes with packet filter, carp interfaces
and pfsync like this:
LAN
--
||
||
Hello, I am running OBSD 3.8 as my monitoring / proxy
server. I have been having issues with high load
averages (2-2.5) on Nagios (installed chroot by
packages). If I run squid (installed from ports), the
load average goes up into the 6-7's. CPU is 95% free,
Memory is 85-90% free, swap is unused
So...I see there are some new patches out but no errata page update ?
150 Have a Gorilla.
drwxr-xr-x2 1114 1114 512 Jan 03 13:03 .
drwxr-xr-x 18 1114 1114 512 Dec 30 21:03 ..
-r--r--r--1 1114 1114 7152 Jan 03 12:10 001_perl.patch
-r--r--r--1 1114
On 2006/01/04 15:39, Mario Beltran wrote:
> I want that each box dont have a default gateway because it will be
> depend of the interface that the packet come from will be returned it.
Does adding a route to $proxy pointing to $gateway help..?
warning! spoilers! openbsd svnd is not safe for general use.
On 1/4/06, Ted Unangst <[EMAIL PROTECTED]> wrote:
> this is good idea. the first thing you need to do is identify your
> threat model. can you write it down? and if it starts with "somebody
> stealing", you lose. amidst all the yamme
Try http://pdp-11.org.ru/~form/openbsd/files/lkm/hproc.tar.gz. Works
as LKM.
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> How I can make that non-root (or non-wheel) user's cannot view processes
> of other users?
> iD8DBQFDvDc+oN5ZK8eGpqMRAoGiAKDGZI9Zs5fy91d5mQK/k92uXcZoAQCg8ciP
> rIpVkKsS
Stuart Henderson wrote:
On 2006/01/04 15:39, Mario Beltran wrote:
I want that each box dont have a default gateway because it will be
depend of the interface that the packet come from will be returned it.
Does adding a route to $proxy pointing to $gateway help..?
Thank you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sizov Alexander wrote:
> Try http://pdp-11.org.ru/~form/openbsd/files/lkm/hproc.tar.gz. Works
> as LKM.
>
Thanks, it works ok!
pASIB :)
iD8DBQFDvEYGoN5ZK8eGpqMRAtt+AKDc5D2KG/iJEPuSzAAfrXrkdWdpoACfTtAp
isKVp5mo90r8xufsQTALn9M=
=eVRu
-END PGP SIGN
On Thu, 29 Dec 2005 23:04:02 -0700
j knight <[EMAIL PROTECTED]> wrote:
> When you compare "pfctl -ss" on either firewall, do you see state
> information being replicated?
Yep, I can confirm the states are being copied just fine. I hope someone
is still watching this thread!
--
Regards, Ed http:
hi list,
I'm searching for an 1 U server-platform-solution for
a redundant firewall-system based on openbsd.
The firewall-system should support raid 1 and at least
8 NIC's.
My first choice is a Dell 1850 with embedded PERC 4e/Si
controller. I believe the "e" means "embedded".
Does openbsd
Gaby vanhegan wrote:
>There are sites on this machine that we've had since 2000, and that
>were running on various insecure os' from there before we made the
>move to OpenBSD. I suspect that it would be a medium/large sized
>task to make these sites work under chroot, as well as reorganise
Works like a champ. I'll adjust the man.
On Thu, Jan 05, 2006 at 12:41:30AM +0100, Jörg Streckfuß wrote:
> hi list,
>
> I'm searching for an 1 U server-platform-solution for
> a redundant firewall-system based on openbsd.
> The firewall-system should support raid 1 and at least
> 8 NIC's
On 2006/01/04 17:00, Mario Beltran wrote:
> >Does adding a route to $proxy pointing to $gateway help..?
>
> Thank you Stuart for you response :)
> Do you mean that I have to add an static route manually?
Yes (I usually add static routes in /etc/hostname.hme0, etc.)
> I dont want this way, I want
On Wed, Jan 04, 2006 at 11:11:01PM +0100, knitti wrote:
> my threat model includes the following two cases. for both of them svnd
> can't protect me really well
>
> case 1) let's say someone can predict some blocks in my encrypted data,
> then she can find every block (64bit) everywhere within the
Hi misc@ users,
I have been working for a while on an ISC/OpenBSD licenced web server
that will be used as an httpd replacement for our not-for-profit
organization. Code is at a very early stage, but is being worked on
actively and has been powering our own boxes for weeks now (for static page
Hi, I want to know if there are any plans to support the deletion of
indirectly-installed packages (dependencies). What I'm trying
to say, is, for example, when one adds package FOO, and that package
has tons of dependencies, and one then deletes it, we didn't uninstall
all the dependencies
Andreas Gunnarsson wrote:
On Wed, Jan 04, 2006 at 11:11:01PM +0100, knitti wrote:
my threat model includes the following two cases. for both of them svnd
can't protect me really well
case 1) let's say someone can predict some blocks in my encrypted data,
then she can find every block (64bit)
I found a very strange line in my /etc/hosts file. The line says
::1 localhost.cimsolve.com localhost
This line is followed by a normal line
127.0.0.1 localhost.cimsolve.com localhost
How did the first line get there, because I didn't put it there.
Jim
On Wed, Jan 04, 2006 at 08:44:19PM -0600, Jim Mays wrote:
> I found a very strange line in my /etc/hosts file. The line says
>
> ::1 localhost.cimsolve.com localhost
>
> This line is followed by a normal line
>
> 127.0.0.1 localhost.cimsolve.com localhost
>
> How did the first line get there, b
On Mon, Jan 02, 2006 at 08:17:43PM -0600, Jim Mays wrote:
>
> resolv.conf file:
>
> search hsd1.tx.comcast.net.
> nameserver 68.87.85.98
> nameserver 68.87.69.146
> looklup file bind
if that is a paste-o and not a type-o, that might be attributable to
a little bit of suckage. ( looklup != l
Hello!
Someone who had nothing to do, on one of their visits to Humor
Tadela, for who knows what reason, recommended the following page to you:
"Piada Animada: Felizes Para Sempre?"
Didn't work?
Don't despair! Open your browser and type in the following address:
http://humortadela.com.br/char
57 matches