Hi,
Is it possible for pf to match traffic that has not been tagged?
It seems possible to match a tag, or traffic that lacks a particular tag
but I can't see any way to match traffic that has no tag at all?
Any clues?
Context: I'd like to tag at input particular traffic for specific
outbound pro
On Fri, 31 Jan 2020, Aham Brahmasmi wrote:
> Bug:
> When the client connects to the server, they use the ed25519-cert to
> establish the connection. After the ssh session is established, the
> server sends the "hostkeys...@openssh.com" message with the server's
> ed25519 host public key.
>
> This
Thanks - I just committed a fix (having missed that Otto already
included a patch beyond the bottom of my xterm -- sorry)
On Thu, 5 Apr 2018, Otto Moerbeek wrote:
> On Thu, Apr 05, 2018 at 01:51:51PM +0200, Renaud Allard wrote:
>
> > Hello,
> >
> > The man page for openssh 7.7 for Ciphers speci
On Tue, 16 Apr 2024, Stephan Somogyi wrote:
> Given that it appears that R6S
>
> https://www.mail-archive.com/ports@openbsd.org/msg123717.html
>
> and R6C support
>
> https://www.mail-archive.com/ports@openbsd.org/msg124138.html
>
> are in the ports version of uboot, I was interested in trying
On Sat, 6 Dec 2008, Gilles Chehade wrote:
> On Sun, Dec 07, 2008 at 12:30:32AM +0100, Jesus Sanchez wrote:
> > I want to start learning about postfix running on OpenBSD
> > for a serious pourpose than home services.
> >
> > Think I'm not familiar with the mail servers concepts
> > and I'm startin
On Sat, 13 Dec 2008, igor denisov wrote:
> Hi there,
> I need to extract part of text between /pat1/ and /pat2/ but /pat2/ may appear
> and may not,
> awk '{if (/pat2/) /pat1/, /pat2/ {print}' filename
> does not work. How to do that in shell?
Do /pat1/ and /pat2/ appear on the same line? If so,
On Sun, 14 Dec 2008, spamtester spamtester wrote:
> It does not matter what faith one places in the pki or webs of trust
> (gpg/pgp style). Most linux distributions have had their packages
> signed for years (for example at ruxcon - an australian security
> conference a large number of participant
On Sat, 27 Dec 2008, Jordi Espasa Clofent wrote:
> Hi misc@,
>
> ?Are there some plans to include python in base system (as Perl is at
> present)?
No. We only need one such language in base and perl got there first.
-d
On Wed, 4 Feb 2009, Chris wrote:
> I've recently enabled VisualHostKey yes in my .ssh/config file. I
> would like to hear from people who are using it and how they are
> finding it useful.
the undead orc hits, you die.
On Sun, 1 Mar 2009, Vivek Ayer wrote:
> Hi,
>
> I'm not sure why it happens, but I tried running:
>
> openssl genrsa -out /etc/ssl/private/server.key 1024
>
> over an ssh connection to a web server that I wanted to setup as
> https. Believe it or not, it froze while it was running openssl. Now
On Sun, 1 Mar 2009, Vivek Ayer wrote:
> why would this occur?
Without you looking at the console, who knows?
> I thought openssl was stable.
It is. It almost certainly isn't OpenSSL that has crashed, but rather your
host.
> Does it have to do
> with the key length?
No.
-d
On Wed, 11 Mar 2009, patric conant wrote:
> I've repeatedly been in a position where we weren't making direct use
> of OpenBSD, but were using OpenSSH, and if there were a recurring
> cost associated with it (like purchasing a semi-annual CD) it would
> have been relatively painless to get a rubbe
On Fri, 8 Feb 2019, Lars Bonnesen wrote:
> OpenBSD 6.4
>
> Putty just reports "Authenticating with public key "XXX" from agent" and
> then I am disconnected. If I run sshd with -ddd, I get the following
> output. I can't seem to get any error, and therefor I can't tell what is
> wrong. Anyone has
On Wed, 17 Apr 2013, Darren Tucker wrote:
> On Tue, Apr 16, 2013 at 12:25:54PM +0800, f5b wrote:
> > the user share can not sftp to the server,
> > but same config in Mar 1 snapshot, sftp is ok.
>
> it's caused by this change (feed it to patch -R to revert it), and it's
> because the uid has alre
On Tue, 1 Jul 2014, Gregory Edigarov wrote:
> Hello,
>
> Just out for curiosity.
> what is the fastest and lightest in cpu terms algorithm in ssh?
In recent OpenSSH, chacha20-poly1...@openssh.com is what you want.
-d
On Wed, 9 Apr 2014, Loganaden Velvindron wrote:
> Maybe the OpenSSH community needs to get involved, so that we can
> get work done :-) ?
I think "getting involved" will be a matter of us acting unilaterally
and just committing support for the new SSHFP code point.
-d
On Thu, 9 Apr 2009, ropers wrote:
> [citation needed]
http://bit.ly/3dMFBs
On Tue, 14 Apr 2009, Theo de Raadt wrote:
> > Has anybody been able to get Padlock accelerated SHA1 working on a C7
> > or is this not currently possible?
>
> It isn't worth using it. The overhead is too high.
Specifically: Via botched the implementation - their instruction set
does not allow t
On Tue, 28 Apr 2009, Sebastian Rother wrote:
> > it is not a blanket thing - not all archs use it. the disklabel stuff
> > well, we expect people to know how to use disklabel anyway. if they
> > don;t, they can read the man page.
>
> The method I descriped is NOT mentioned anywhere.
> People have
On Mon, 13 Jul 2009, Nicholas Marriott wrote:
> > > > What does "echo $TERM" show before you attach tmux?
> > >
> > > again, this seems to be a putty specific issue.
> > > no problems whatsoever on local terminal.
> > > TERM is set to xterm before i run tmux, then it changes to screen.
> >
> > T
On Tue, 23 Oct 2007, Theo de Raadt wrote:
> > Virtualization seems to have a lot of security benefits.
>
> You've been smoking something really mind altering, and I think you
> should share it.
>
> x86 virtualization is about basically placing another nearly full
> kernel, full of new bugs, on t
On Wed, 24 Oct 2007, L. V. Lammert wrote:
> I still stand by my original statement. Running application 'domains' in
> VMs instead of on a single server increases security.
It no worse security-wise to run applications on VMs rather than on the
one OS, but that isn't the only choice - is it?
You
On Wed, 24 Oct 2007, Brian wrote:
> All of the theoretical attack vectors are exactly that: theoretical.
> But by adding complex layers does not guarantee any increase in security.
They aren't theoretical, they have been demonstrated. Read the paper:
http://taviso.decsystem.org/virtsec.pdf
On Sun, 2 Dec 2007, Douglas A. Tutty wrote:
> > Why is everyone trying to come up with a solution to a problem that
> > doesn't exist?
>
> The 'problem' is a piece of software installed on the box that some of
> us don't use. It takes up space (how much?). Each MTA has its
> champions and its d
On Mon, 3 Dec 2007, Andris wrote:
> I was reading about Hiawatha security features, and seems like a
> perfect fit for OpenBSD goals. I'd volunteer to talk to Hugo Leisink
> (the developer) and see if the code could be relicensed if the project
> has interest in it. IMHO, replacing forked software
On Fri, 14 Dec 2007, Richard Stallman wrote:
> It also seems silly to me this idea between "tainted" and "clean"
> oses, such as Open and gNewSense, respectively. Take for example
> a user that runs Ubuntu [GNU/]Linux but proscribes to your free-only
> philosophy. They don't have
On Fri, 14 Dec 2007, Richard Stallman wrote:
> You said "Real men don't attack straw men". Yet this is *EXACTLY* what
> you are now doing. You continue to repeatedly write that OpenBSD
> recommends the ports system to its users, *which it does not*. Let me
> say that once again: Op
On Wed, 13 Feb 2008, [EMAIL PROTECTED] wrote:
> I just wanted to bring it to your attention that the university of
> Pittsburgh provides a HPC-Patch for OpenSSH 4.7 wich may is worth looking
> at (include it into the base if possible? who knows..). :)
Is crypto really a bottleneck for non-HPC use
On Fri, 22 Feb 2008, Brett Lymn wrote:
> On Thu, Feb 21, 2008 at 05:19:28PM -0600, Marco Peereboom wrote:
> >
> > Let me give you an engineering opinion: bwahahahahahaha this is
> > retarded.
> >
>
> Well, let me give you another engineering opinion based on actual
> experience working on a m
On Fri, 22 Feb 2008, Chris Smith wrote:
> On Thursday 21 February 2008, Allie D. wrote:
> > I'm getting bad file descriptor errors on every ssh connection on a
> > box that I built from source on 4.3 beta last night. Anyone else
> > seeing this as well ?
> >
> > Feb 21 09:54:43 crusty sshd[21741]:
On Wed, 12 Mar 2008, Ed Ahlsen-Girard wrote:
> Does OpenBSD's OpenSSL use the FIPS 140-2 certified bits where
> applicable?
No. Furthermore, there are no "FIPS 140-2 certified bits" - it is an
entire package that is certified, you don't get to pick and choose.
-d
On Wed, 12 Mar 2008, Calomel wrote:
> Is it possible to enable DEBUG logging for internal-sftp in sshd?
>
> Using -current (Mar 12, 2008) and enabling a chroot'd sftp server we can
> get sshd to log initial connections. But, we would also like to log sftp
> activity like uploads, downloads, and d
On Mon, 17 Mar 2008, Dimitri wrote:
> Hello all.
>
> My cuestion is simply.
>
> OpenBSD run over AMD Geode,
Yes.
> specificly over Packard
> Bell S18P?.
Don't know.
-d
On Thu, 27 Mar 2008, raven wrote:
> Hi, like subject, i would to know why OpenBSD do not partecipate to Google
> Summer of Code. Exist a reasonable reason?
I wanted to get some candidate projects proposed for OpenSSH but I wasn't
organised in time.
-d
On Tue, 12 Dec 2006, Clint Pachl wrote:
> I have a similar problem in 3.9 with ral cards; very poor range.
>
> Linksys (ath) [ap] -> Level One (ral) = 5-7 meters
> Linksys (ath) [ap] -> Old 1MBit Intel (wi?) = +30 meters
> Level One (ral pci) [ap] -> Level One (ral pccard) = must be within 1-2
>
So far for all you people who have complained about lousy ral(4)
range or reception, only one of you has posted a dmesg (and even it was
incomplete) and none of you have posted your interface config.
Don't let this interrupt your complain-fest, but if you want to move
beyond whinging and start try
On Mon, 18 Dec 2006, pedro la peu wrote:
> On Friday 15 December 2006 09:51, you wrote:
> > So far for all you people who have complained about lousy ral(4)
> > range or reception, only one of you has posted a dmesg (and even it was
> > incomplete) and none of you have posted your interface config
On Mon, 22 Jan 2007, Alexander Farber wrote:
> Hello,
>
> I'm writing a small network daemon program and
> want it to drop priviliges after it opens a listening port.
>
> I've looked at the several programs in /usr/src/usr.sbin
> and many do it in the similar way:
>
> 1) getpwnam(NTPD_USER) to
On Wed, 24 Jan 2007, Jeroen Massar wrote:
> The key in getting it to work is "UPNP", thus something like:
>
> http://upnp.sourceforge.net/
> http://linux-igd.sourceforge.net/
a more OpenBSDish implementation seems to be http://miniupnp.free.fr/
NB. I have never used it, or any for of uPNP (nor
On Wed, 24 Jan 2007, Paul Pruett wrote:
> Using cron and atactl to email smartstatus errors
> to an email address other than cron user:
...
I use the following script to help with cron stuff, it can do
what you want.
-d
---
#!/bin/sh
# Helper for cron(8) to send mail
On Mon, 29 Jan 2007, Sean Kennedy wrote:
> Understood, -- Just being pedantic, before I move to -rstable, I usually do a
> build with -rOPENBSD_X_x first when I do a Vanilla system.
> Answer of "Use -rstable." is your answer.
> libssl/crypto has issues with -rOPENBSD_4_0.
To be clear, your prob
Please send a Debug3 trace (sshd -dddp222), debug level 1 doesn't
contain all the necessary information
-d
On Tue, 27 Feb 2007, Josh Grosse wrote:
> After building -current on Feb 25, I noticed when I attempted to use S/Key
> remotely, that it was not a permitted authentication style. (I use S/
also, does it work if you try connecting without any keys in your ssh-agent?
On Tue, 27 Feb 2007, Josh Grosse wrote:
> On Tue, Feb 27, 2007 at 04:20:20PM -0700, Damien Miller wrote:
> > Please send a Debug3 trace (sshd -dddp222), debug level 1 doesn't
> > contain all the necessary information
...
what does the client say? (ssh -vvvp 222 localhost)
On Tue, 27 Feb 2007, Josh Grosse wrote:
> On Tue, Feb 27, 2007 at 04:20:20PM -0700, Damien Miller wrote:
> > Please send a Debug3 trace (sshd -dddp222), debug level 1 doesn't
> > contain all the necessary inf
On Sun, 18 Mar 2007, Jason Dixon wrote:
> Again, why are you being hypocritical by including a BLOB-friendly OS in your
> campaign? You're part of the problem, not the solution.
Actually, I think that by listing only blob-distributing OSs on their poster
the campaign has a very funny subtextual
On Thu, 5 Apr 2007, Andris Delfino wrote:
> First, this wouldn't happen cause I prefer the BSD license, but, if
> someone violates the copyright of my work, I'll take that guy down. In
> the most publicly and shameful way.
How does this militant attitude work alongside your preference for
the BSD
Two points:
1. Please don't post private email. (Apologies if you obtained his
permission to post).
2. Who really cares? I'd much rather see contibutions from companies who
ship OpenSSH in their products and list "SSH support" as a feature on
their glossy brochures than shaking down othe
On Wed, 11 Apr 2007, Timo Schoeler wrote:
> Which commercial *NIX that's still alive is more of a security thread
> and covered with the same level of stability problems as GNU/Linux? One
> really stops counting remote exploits for GNU/Linux very soon,
> otherwise one would have to dedicate one's
On Wed, 23 May 2007, Daniel Ouellet wrote:
> I am trying to find out how many peek active process a server run in a given
> time period, like in one day, and may be a week. I try to see how servers
> handle heavy peak at time.
>
> I thought that systat vmstat, or others could provide me that.
>
where did you get that idea from? you are wrong.
On Mon, 28 May 2007, openbsd fan wrote:
> tpb and tphdisk are only for thinkpads with apm not acpi...
>
> On 5/27/07, Don Scott <[EMAIL PROTECTED]> wrote:
> > I have setup an MSDOS partition for tphdisk:
> >
> > $ sudo fdisk sd0
> > Disk: sd0
On Thu, 31 May 2007, Open Phugu wrote:
> On 5/31/07, qw er <[EMAIL PROTECTED]> wrote:
> > It really sucks. it is slow.
> >
> What you say does not apply to OpenBSD. What you said describes you.
I find it amazing that, in 2007, people still respond to the most blatant
trolling in exactly the way
I think you have the wrong list...
On Fri, 1 Jun 2007, Dan Farrell wrote:
> At the link below from the Linux Journal, Glyn Moody states that the
> GNU/Linux Community should wish Novell well, as it may be the first
> domino to fall. In the comments section I mentioned there's a least one
> projec
On Sun, 10 Jun 2007, Praveen wrote:
> Hi,
> I am using the send program from this example:
> http://ntrg.cs.tcd.ie/undergrad/4ba2/multicast/antony/example.html#sender
>
> The only modification is the use of setsockopt() to
> set the interface from which I want to send the
> packet.
> The setsoc
On Wed, 20 Jun 2007, Karel Kulhavy wrote:
> http://www.daemonology.net/papers/htt.pdf
>
> This is the missing link to my post about keyboard security.
No, it isn't. You can't really compare a public key crypto operation
to someone bashing at a keyboard.
-d
On Wed, 20 Jun 2007, Mikulas Patocka wrote:
> > Yay ! Let's map everything uncached from now on! For great justice!
> >
> > [I was tempted to write some stuff about how keyboard keycode translation
> > works in wscons, but it's not worth my time]
> >
> > Miod
>
> You don't have to map keyboard
On Sat, 7 Jul 2007, Lawrence Horvath wrote:
> Is there a way using pf to distinguish between ssh shell logins, and
> scp file transfers?
Not easily: ssh sets IPTOS_THROUGHPUT for non-interactive sessions,
but does it after the TCP handshake. If you are assigning connections
to queues statefully,
On Mon, 27 Aug 2007, [EMAIL PROTECTED] wrote:
> > rest of the kernel uses it to store the value of curlwp. Sam won't
> > recompile the HAL for us (fair enough), and we can't modify the HAL
> > to use another register because doing so could put us in breach of
> > the license (v. crappy). So, do a
On Sat, 15 Sep 2007, Rui Miguel Silva Seabra wrote:
> You seem uneducated about how powerless someone is without the freedom to
> change a program because he has no access to the source code.
You seem to be entirely missing the irony of making this statement
in the context of an argument about so
On Sat, 15 Sep 2007, Rui Miguel Silva Seabra wrote:
> On Sat, Sep 15, 2007 at 09:54:10PM +1000, Damien Miller wrote:
> > On Sat, 15 Sep 2007, Rui Miguel Silva Seabra wrote:
> >
> > > You seem uneducated about how powerless someone is without the freedom to
> > >
On Sat, 22 Sep 2007, Douglas A. Tutty wrote:
> Hello all,
>
> I'm running OBSD on my older boxes but still Debian on my big box (not
> ready yet).
>
> Linux has SELinux in its 2.6 kernel and debian has gone ahead and
> compiled SELinux into the libraries, although the SELinux policies
> aren't r
On Wed, 26 Sep 2007, Liviu Daia wrote:
> Greylisting is trivial to bypass, with or without a queue: just send
> the same messages twice. Some spammers have figured that out long ago.
> Ever wondered why sometimes you receive 2 or 3 copies of the same spam,
> from the same IP, with the same Me
On Thu, 11 Oct 2007, Sean Darby wrote:
> Hi,
>
> Is there an alternative PGP or OpenPGP-like program available other
> than PGP or GnuPG/GPG?
>
> Is there something along lines of a "BSD-PG"-type program (using BSD
> licensing/copyright and basically non-GNU)?
There is this:
http://openpgp.nomin
On Wed, 7 Jun 2006, riwanlky wrote:
> Hai,
>
> Is there a documentation on installing OpenBSD 3.9 on USB flash drive?
> With X Windows and Firefox latest version.
Once you have booted the installer, then just choose the USB drive
as the install target. It will likely be sd0, or a higher sd* if y
On Thu, 8 Jun 2006, Gabriel Kihlman wrote:
> > Because of that I just need popa3d to listen on 127.0.0.1.
>
> Index: standalone.c
> ===
> RCS file: /cvs/src/usr.sbin/popa3d/standalone.c,v
> retrieving revision 1.10
> diff -u -r1.10 s
On Thu, 8 Jun 2006, Michael Lechtermann wrote:
> Damien Miller schrieb:
> > Why go through all of this trouble when you can just run it out of
> > inetd(8)?
>
> Why running inetd for that alone and having an additional process open
> when popa3d is supposed to be able to
On Mon, 26 Jun 2006, Floor Terra wrote:
> I think 32MB is out of the question unless you would
> heavily modify the installation and rip out pkg_add and stuff.
> But I would love to see if its possible.
of course it is possible:
http://www.mindrot.org/flashboot.html
just please don't bug people
if you are having problems with screen corruption when logging into
Cygwin, could you please try the diff below?
# cd /usr/src
# patch < blah.diff
# cd share/termtypes/
# make && make install
Let me know if it helps
Index: share/termtypes/termtypes.master
On Mon, 3 Jul 2006, Spruell, Darren-Perot wrote:
> From: [EMAIL PROTECTED]
> > A client is setting up a password policy, and would like to
> > prevent users from
> > reusing a password for a period of time (four changes ninety
> > days apart). Is
> > there a way to do this, either within the
On Tue, 4 Jul 2006, Chet Uber wrote:
> Not to bicker, but the resources needed to use a database of all possible
> passwords even with alphanumerics and salted is very finite -- albeit large.
OpenBSD blowfish hashes have 16 bytes of salt, so a database of these
will not be feasible for a while.
On Tue, 11 Jul 2006, J Moore wrote:
> Recently one of my 3.8 boxes has producing error messages when cron
> tries to run newsyslog. Following is the error message that arrives in
> root's inbox:
>
> newsyslog: /etc/newsyslog.conf:6: unknown group: wheel
>
> I checked, and sure enough, group wh
On Fri, 21 Jul 2006, Han Boetes wrote:
> > Why has OpenBSD developers decided to run ksh as the default
> > shell and not for example bash or zsh?
>
> 1) Acceptable License.
> 2) Correct /bin/sh implementation.
3) *statically* linked ksh is a little over 1/2 the size of *dynamically*
linked b
Pedro TimC3teo wrote:
> Thanks, but all the solutions presented in that thread can't clear the
> screen when you're typing something AND keep what you've already typed.
Why don't you add support for ^L yourself then?
-d
On Tue, 25 Jul 2006, Bryan Irvine wrote:
> I recently moved my squid cache into a ramdisk, and now I get a lot of
> errors in messages.
>
> I'd of course prefer that TIME be the one in use. Since it's a
> ramdisk I can't use tunefs (right?) to manually set it, but even if I
> did it would switch
On Wed, 26 Jul 2006, Gustavo Rios wrote:
> May some one point me a reference information on implementation
> tunnels with pf without security.
man 4 gre
man 4 gif
On Wed, 2 Aug 2006, Nik Lam wrote:
> Does anyone have any advice on which one of these two CF GPRS cards would be
> better (mainly for use with a Zaurus SL-C3200)?
>
> Pretec CompactGPRS
> http://www.expansys.com.au/product.asp?code=106282&tab=2
>
> Audiovox RTM-8000
> http://www.umd.com.au/itd/
On Wed, 2 Aug 2006, Nik Lam wrote:
> Very helpful info Damien, thanks.
>
> What's the longest that you've been able to stay online for at a stretch using
> only the zaurus battery?
At least an hour, but I have never really timed it.
-d
On Wed, 9 Aug 2006, Landry Breuil wrote:
> Now i'm trying to get DRI working on this laptop, to use shiny features
> like composite and so on. It's not a vital need, just a personnal
> challenge :)
You will need to (at least) port the DRM kernel support to OpenBSD.
tedu@ made a start a little whi
On Tue, 15 Aug 2006, Steve B wrote:
> Our company has a small OpenBSD box colocated with a local ISP that we use
> for tertiary stoage of some data. I'd like to setup RAID-1 to provide some
> basic redundancy of that data. I'm looking at either an Arco Duplidisk DD3
> or 3Ware 7006-2 card. I've r
On Mon, 28 Aug 2006, Ryan McBride wrote:
> On Mon, Aug 28, 2006 at 09:15:44PM +0200, Joachim Schipper wrote:
> > On Mon, Aug 28, 2006 at 11:58:39AM -0600, Tim Pushor wrote:
> > > Only question is to whether or not to use the/a carp address for the DNS.
> >
> > It will work, but as noted, there's
On Tue, 29 Aug 2006, Raja Subramanian wrote:
> Hi All,
>
> I'm in the process of writing a pptp proxy for PF and
> am a fair way through it.
>
> I'm redirecting GRE packets from PF to the proxy using:
>rdr on $wan proto gre from $lan:network to \
>any -> 127.0.0.1
>
> GRE packet
On Tue, 29 Aug 2006, Raja Subramanian wrote:
> > A (more complicated) alternative would be to teach pf to pull out
> > either the GRE "key" (rfc2980) and/or eGRE "call id" (rfc2637) fields
> > and stuff them into the space used by the port numbers. IIRC both are
> > uint32, so they should fit. Thi
On Thu, 31 Aug 2006, Joachim Schipper wrote:
> On Wed, Aug 30, 2006 at 12:11:15PM -0300, Denis Augusto Araujo de Souza wrote:
> > Friends,
> >
> > I'm needing to mount a /tmp partition in a secure mode. Which is
> > the best way to fstab file configuration?
>
> I don't know what secure mode
On Thu, 7 Sep 2006, Karel Kulhavy wrote:
> How can I perform OUT and IN on OpenBSD? I have some Linux program
> that patches BIOS on my notebook so the proper 1400x1050 resolution
> can be used, and it uses iopl and outl which don't seem to exist in
> OBSD (man outl, man iopl).
>
> I wonder if I c
On Thu, 14 Aug 2008, Sunnz wrote:
> Hi,
>
> I am just curious, have Vista implemented something similar to
> Stack-Smashing Protector as in OpenBSD's GCC?
>
> http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html
>
> I don't really know th
On Wed, 10 Sep 2008, Kevin Neff wrote:
> Hi,
>
> Some secure protocols like SSH send encrypted keystrokes
> as they're typed. By doing timing analysis you can figure
> out which keys the user probably typed (keys that are
> physically close together on a keyboard can be typed
> faster). A caref
On Wed, 10 Sep 2008, STeve Andre' wrote:
> On Wednesday 10 September 2008 15:58:03 Kevin Neff wrote:
> > Hi,
> >
> > Some secure protocols like SSH send encrypted keystrokes
> > as they're typed. By doing timing analysis you can figure
> > out which keys the user probably typed (keys that are
> >
On Thu, 11 Sep 2008, [EMAIL PROTECTED] wrote:
> Just off the top of my head (I have to check the SSH protocol yet):
> Why not encipher all accumulated keystrokes up to the key as a
> block send them instead of sending each keystroke as it is typed? This
> shrouds the typist's characteristics.
Th
-003-ssh-traffic-analysis/
>
> The ACM paper was also published in 2001, same time frame. There's
> more padding (see the TCPDump output I provided) in SSH2. Also, take a
> look at what Damien Miller responded with: OpenSSH is applying extra
> padding.
>
> SSH2 is the de
On Sun, 21 Sep 2008, Brian wrote:
> I'm thinking about picking up an eSATA pci card and backing up my data
> to an external hd over eSATA using rsync. Is this supported?
eSATA is a conector, cable and electrical specification and otherwise is
identical to regular SATA. If the particular adapter's
no
On Sat, 25 Oct 2008, Neko wrote:
> so there can be an end to this retard "cant write on the file system" bs
>
> http://www.ntfs-3g.org/
>
>
> so will it be merged in the next obsd release ?
> this is the future. people use multiple os on their machine, not just
> vm , they will local instal
On Sat, 8 Nov 2008, Jeff Ross wrote:
> My ssl hosts work.openvistas.net and cvs.work.openvistas.net resolve
> to the same IP address as everything else from the internet, but to
> different internal IP addresses beginning at 10.30.50.1 with a split
> horizon DNS setup. These two use two different
On Thu, 27 Nov 2008, John Nietzsche wrote:
> Does anybody know a tutorial on implementing such curves in ANSI C?
src/sbin/isakmpd/math_ec2n.{c,h}
On Wed, 30 Apr 2008, Lars NoodC)n wrote:
> On OpenBSD 4.2, ssh-keyscan looks like it tries for SSH1 first, rather
> than SSH2, which is the default[1] for OpenBSD. However, it appears not
> to retry the scan with SSH2 if SSH1 fails.
ssh-keyscan never rolls over to a different protocol unless you
On Thu, 8 May 2008, Adam Patterson wrote:
> Anyone know of any documentation on tpwireless? Specifically how to "re-set"
> the bit that it unsets. There isnt a man page and there aren't and switches to
> cause 'usage' to show up.
There are no flags.
There is no usage doc.
However, if you edit th
On Wed, 14 May 2008, chefren wrote:
> On 5/13/08 7:08 PM, Marc Espie wrote:
>
> > More details show that someone seriously fucked up in debian.
>
> Well, this Kurt has seriously asked for details on the relevant openssl-dev
> list:
>
> http://marc.info/?l=openssl-dev&m=114651085826293&w=2
>
>
On Fri, 23 May 2008, Chris wrote:
> I can see from the recent undeadly posts and pictures that most
> developers are using laptops and I know you have to run -current to do
> development work. I was just wondering if these laptops are for
> development use only or development+personal use? I know
On Mon, 9 Jun 2008, James Hartley wrote:
> On Mon, Jun 9, 2008 at 3:36 PM, Marc Balmer <[EMAIL PROTECTED]> wrote:
> > If you are using a GPS device with nmeaattach(8), please switch to
> > ldattach(8) now.
>
> Thanks Marc for passing on this information. Can you describe in
> short why this chan
On Sat, 14 Jun 2008, Khalid Schofield wrote:
> Hi,
> I need to get a proper signed ssl certificate for my ecommerce website
> hosted on my openbsd box. Getting confused as most websites describe
> how to do this in many different ways and most refere to self signed
> certificates. Wanted to ask th
On Mon, 16 Jun 2008, Brad Walker wrote:
> FYI, newer Thinkpads have mini-pci cards whitelisted in the BIOS. One
> can't install a ral(4) in them without hacking the BIOS (not
> recommended).
>
> http://www.thinkwiki.org/wiki/Problem_with_unauthorized_MiniPCI_network_card
We have had tools to wor
On Tue, 15 Jul 2008, Ted Unangst wrote:
> try it. install x, then resist the urge to type "startx". can you do
> it? can you ignore the siren song, or do your fingers fly forth of
> their own volition?
I have it on good authority that plugging one's ears with wax helps.
-d
1 - 100 of 232 matches
Mail list logo
