| UID ZERO | Sun Blade 2000 with XVR-1000?
Hi list.
I've been offered a Blade 2000 with an XVR-1000 graphics card, and was
hoping to run 4.4-current on it. Ideally would like to use it with X, but
can't seem to find any definitive information about whether this graphics
card works with xenocara.
Anyone have any experience with it? Does it work, and if so, how does it
perform?
(FWIW, I'm planning on using a Dell 2408WFP 24" TFT with the DVI connector
on the XVR-1000)
Cheers...
| Oct 1, 6:11 pm 2008 |
| Geoff Steckel | Re: HPING or equiv
time sudo ping -f ping
PING ping.oat.com (198.5.5.10): 56 data bytes
--- ping.oat.com ping statistics ---
12180 packets transmitted, 12180 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.083/0.141/8.073/0.132 ms
0.0u 0.6s 0:02.75 24.3% 0+0k 0+1io 0pf+0w
This is on a very wimpy box (< 2G). Maybe your network interface
is no good? If it's an ne2000 type, it won't work worth used tissue paper.
geoff steckel
| Oct 1, 12:26 pm 2008 |
| Simon Slaytor | Re: HPING or equiv
Hi Geoff,
Thanks for the reply, no I don't think it's the box, DMESG below.
Ok some test output where the IP pinged is the far end of a /30 subnet
on a dedicated 1G line rate router port of a 7609 cisco, sup 720 etc..
If I do a flood PING
# time ping -c 1000 -f 80.65.xxx.xxx
PING 80.65.xxx.xxx (80.65.xxx.xxx): 56 data bytes
--- 80.65.xxx.xxx ping statistics ---
1000 packets transmitted, 1000 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.241/0.279/10.349/0....
| Oct 1, 3:24 pm 2008 |
| Fernando Gont |
| Oct 1, 11:29 am 2008 |
| sslaytor | HPING or equiv
Hi Folks,
Looking for a bit of insight from you guys in the know.
I've deployed a 4.3 box as a pen test / scanning tool for our network. One of
the toys I've put on is HPING from the packages collection.
Ok so here's the problem if I do a 'hping -c 10000 -i u100 -1 xx.xx.xx.xx' I
generate a rather unimpressive 50pps. Issuing the same command on a gentoo box
(sorry) I get 9000+ pps.
In both cases HPING is v2.00.xx something. I've tried HPING3 but the result is
the same.
So HPING on OBSD is...
| Oct 1, 12:15 pm 2008 |
| Leon Dippenaar |
| Oct 1, 8:52 am 2008 |
| Jussi Peltola | Re: New tcp stack attack
Most application protocols running on TCP are quite vulnerable to DoS,
but nobody has seemed to care so far...
| Oct 1, 11:56 am 2008 |
| Duncan Patton a Campbell | Re: New tcp stack attack
On Wed, 01 Oct 2008 14:52:29 +0200
Seems possible. Here: http://cr.yp.to/syncookies/archive
you will find the passage
"
An attack would still need to know our random secret in order to
spoof a connection without seeing any of our outgoing traffic.
If an attacker can see our outgoing traffic, then they will be
able to spoof a connection, but they could have done that anyway,
even under the secure sequence number scheme we currently use.
"
and here: [ message continues ] " title="http://it.slashdot.org/it/08/1... ">http://it.slashdot.org/it/08/1...
| Oct 1, 10:13 am 2008 |
| Fernando Gont | Re: New tcp stack attack
This is simply the naphta attack. They don't really need to "use syn
cookies". They could simply ACK any SYN/ACK they receive, and that's it.
The attack is not new, and they are not proposing any counter-measures.
It doesn't mean does this does not need attention... but they are not
making any new contribution to the issue.
Kind regards,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
| Oct 1, 11:24 am 2008 |
| Duncan Patton a Campbell | Re: New tcp stack attack
On Wed, 01 Oct 2008 12:24:16 -0300
The impression I got is that they collect enough SYN cookies from
the server to crack the server's secret (24bit) and THEN they can
forge any number of acks to the server's syn cookie that contain
bogus ip/ports but with the correct sequence/hash. If this is not
the case then it is nothing new.
| Oct 1, 11:41 am 2008 |
| Fernando Gont | Re: New tcp stack attack
According to a podcast I listened to, this is not what they try to
do. And even then, brute force attacks against SYN cookies have
already been discussed in the past. (although I agree that it usually
requires hard googling to spot the right documentation)
Kind regards,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
| Oct 1, 12:26 pm 2008 |
| Peter J. Philipp | Re: New tcp stack attack
I listened to the podcast and got the idea that the socket is in
ESTABLISHED state (so after 3 way handshake) and they
mention that a packets PCB resources have timers, and that is what they
exploit. Perhaps you establish the session and
send an HTTP request (pretend it's http) and never ACK the answer that
gets repeated based on the internal timers. It seemed to me they say
that some stop repeating their content and just die.
-p
| Oct 1, 12:56 pm 2008 |
| Fernando Gont |
| Oct 1, 1:31 pm 2008 |
| Peter J. Philipp | Re: New tcp stack attack
I looked this up on google, the URL for this attack is here:
http://shlang.com/netkill/ , I noticed it was a little bit
different from what I described because the state is in the FIN_WAIT_1
state on the remote machine, the TCP state
diagram in RFC 793 page 23 shows that a FIN is sent from the client's
close() to the server to reach that state, so it differs. If you have
a userland TCP/IP stack you can cease communication without the FIN
being sent.
I listened to the interview's first 5 mi...
| Oct 1, 2:11 pm 2008 |
| Stephan A. Rickauer | Re: New tcp stack attack
A little bit less vage info can be found here
http://tinyurl.com/3hv3kf
--
Stephan A. Rickauer
-----------------------------------------------------------
Institute of Neuroinformatics Tel +41 44 635 30 50
University / ETH Zurich Sec +41 44 635 30 52
Winterthurerstrasse 190 Fax +41 44 635 30 53
CH-8057 Zurich Web www.ini.uzh.ch
| Oct 1, 9:31 am 2008 |
| Claudio Jeker | Re: New tcp stack attack
This article is mostly about exploiting SYN cookies to bring servers into
resource starvation. OpenBSD does not implement SYN cookies. We have a SYN
cache with a upper limit of open handshakes. Together with random initial
sequence numbers it is hard to finish the 3-way handshake without getting
the SYN/ACK from the server on OpenBSD systems.
I'm not too concerned about this "fundamental problem with TCP" but as
usual the mentioned article is less informative then the back side of my
breakfast ce...
| Oct 1, 9:58 am 2008 |
| Paul de Weerd | Re: New tcp stack attack
On Wed, Oct 01, 2008 at 03:58:22PM +0200, Claudio Jeker wrote:
| On Wed, Oct 01, 2008 at 03:31:00PM +0200, Stephan A. Rickauer wrote:
| > On Wed, 2008-10-01 at 14:52 +0200, Leon Dippenaar wrote:
| > > Hi there,
| > >
| > > is there any weight to this new story on slashdot
| > > http://it.slashdot.org/it/08/10/01/0127245.shtml
| > >
| > > about a new attacker possible to break any tcp stack? Sounds rather
| > > shady, so here I am, perhaps you guys have y...
| Oct 1, 10:46 am 2008 |
| Duncan Patton a Campbell |
| Oct 1, 10:22 am 2008 |
| Dries Schellekens | Re: New tcp stack attack
On Wed, Oct 1, 2008 at 4:22 PM, Duncan Patton a Campbell
When I read the pseudo article, I had the impression that the server
does not have to implement SYN cookies. Their sockstress program uses
(client) SYN cookies to estabilish a lot of TCP connections with
minimal own resources...
Cheers,
Dries
| Oct 1, 10:47 am 2008 |
| Alexander Sabourenkov | Re: New tcp stack attack
SYN cookies are only mentioned to boast about their high-performance tcp
flooder. Problem is that some systems 'became overly responsive', and
this is clearly an implementation issue.
"We noticed that certain systems would start resending certain packet
responses continuously until they were rebooted," Lee said.
Certain (buggy) systems resend certain (invalid/unneeded) responses, lo
and behold: tcp is broken forever. Phew.
--
./lxnt
| Oct 1, 10:44 am 2008 |
| amm | compile programs in standalone mode
Hi,
int main()
{
int i;
short int *screen = (short int *) 0xB8000;
char msg[]="Hello World";
for(i=0; msg[i] != '\0'; *(screen++) = 0x1F00 | msg[i], ++i);
for(;;);
return 0;
}
When i compiled i got a very big main.bin file more then 960MByte, so i
tried to change the char vector with only a char and it works fine. I
think the problem was the buffer overflow protector system that take the
.nodata segment in other address, or something like that... (readelf -S
main)
So how ...
| Oct 1, 7:25 am 2008 |
| Stuart Henderson | Re: Weird pkg_info behavior?
For 4.4/-current, landry@ has written a curses-based package browser,
pkg_mgr. It's in the ports tree and of course a package is available,
"pkg_add pkg_mgr".
| Oct 1, 5:25 am 2008 |
| Stuart Henderson |
| Oct 1, 5:22 am 2008 |
| Dale Carstensen | uvm fault panic
I have two amd64 computers on OpenBSD 4.3. Both had uvm fault problems
today. There were panics with a message:
kernel diagnostic assertion "anon->an_page == NULL" failed: file
"/usr/src/sys/uvm/uvm_anon.c", line 169
I did trace and ps in ddb, but another crash before savecore could
capture the result of "boot dump" lost the crash dump, and the
results of those commands. I changed the sysctl for ddb:panic, but
the expected automatic unattended reboot with dump and savecore did
not happen...
| Oct 1, 12:23 am 2008 |
| Toni Mueller | Re: uvm fault panic
Hi,
recommended procedure (if you can do this): Get a serial console and
run 'script' before you connect (or otherwise activate logging for your
terminal program). That way, you won't lose what you already have if
A better way should be to say
# echo 'set image /bsd.mp' > /etc/boot.conf
Kind regards,
--Toni++
| Oct 1, 3:54 am 2008 |
| Maximo Pech | Re: Limit number of login sessions
It means that I use my computer on a home adsl connection as a ssh tunnel
and that I let some friends use it as well but I don't want them to abuse.
What we are doing is connecting to the ssh server with some ssh client, it
creates a socks proxy on our local computers, we configure our programs to
connect to the local proxy and everything is forwarded trough the ssh
tunnel.
I mean, I don't know if there's another way to do it without having to login
Yeah, utmp sounds useful for this.
| Oct 1, 12:15 am 2008 |
| Giancarlo Razzolini | Re: Limit number of login sessions
What about a VPN? You can filter on vpn ip's.
--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD Stable
Ubuntu 8.04 Hardy Heron
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
| Oct 1, 8:44 am 2008 |
| James Hartley |
| Sep 30, 8:14 pm 2008 |
| Nick Guenther | Re: Weird pkg_info behavior?
I think he's asking for how to read package descriptions without
downloading everything. But pkg_info has to download the entirety of
each package first because a package is a compressed archive file.
If you are looking for package descriptions, install the ports tree
and read the Makefiles. Also, if you are lazy/not on an OpenBSD box,
most of the descriptions are available at
http://www.openbsd.org/4.3_packages/.
-Nick
| Sep 30, 10:47 pm 2008 |
| andrew fresh |
| Sep 30, 11:22 pm 2008 |
| Toni Mueller | Re: ? Recommended News Server
*LOL*
There are some "semi-finished" ports floating around in the archives.
You might want to make a stab at it, too.
Kind regards,
--Toni++
| Oct 1, 3:49 am 2008 |
| Henning Brauer |
| Oct 1, 9:43 am 2008 |
| Nick Guenther | Re: esd + mpd
USAGE
esd [options]
-d DEVICE force esd to use sound device DEVICE
-b run server in 8 bit sound mode
-r RATE run server at sample rate of RATE
-as SECS free audio device after SECS of inactivity
-unix use unix domain sockets instead of tcp/ip
-tcp use tcp/ip sockets instead of unix domain
-public make tcp/ip access public (other than localhost)
-promiscuous start un...
| Oct 1, 1:39 am 2008 |
| Lawrence Teo | Re: Bad MD5 on snapshot i386 install.iso
Joe,
I think the MD5 file was out of sync in the past week.
I downloaded the i386 install44.iso a few days ago. I just checked the
file I downloaded, and it does have the "correct" MD5
(f87b839db833380f41f02bd7fffb2d27) according to what you posted.
*But* on the day I downloaded it, I was very sure the MD5 file
on the FTP site was advertising a different hash.
Like you, I thought I had a bad ISO, so I downloaded the ISO file
from a different mirror, but the second ISO file had the same has...
| Sep 30, 11:19 pm 2008 |
| Toni Mueller | Re: uvm_fault again...
Hi,
this doesn't have to mean much.
I recently wanted to install OpenBSD on a machine which also claimed to
have all file systems clean, but emitted spurious error messages in
white-on-blue on the screen nevertheless. Running fsck -f on the file
system revealed that it *was* corrupted, and trying to repair it
failed, repeatedly, always with the same error messages. I concluded
that the drive was bad.
Kind regards,
--Toni++
| Oct 1, 3:46 am 2008 |
| Maximo Pech | Re: Limit number of login sessions
Users are not in my local network. They will connect from the internet and
they have dynamic IPs so I guess that wouldn't work because altq can limit
What kind of module? a kernel module?
| Oct 1, 12:03 am 2008 |
| Julian Leyh | Re: Limit number of login sessions
from pf.conf(5):
user <user>
This rule only applies to packets of sockets owned by the specified
user. For outgoing connections initiated from the firewall, this is the
user that opened the connection. For incoming connections to the
firewall itself, this is the user that listens on the destination port.
For forwarded connections, where the firewall is not a connection
endpoint, the user and group are unknown.
don't know if that could be useful for your purpose, but it sounds a ...
| Oct 1, 3:07 am 2008 |
| Maximo Pech |
| Oct 1, 12:05 am 2008 |
