search for: cjclark

Heya.. Yesterday someone "attacked" by box by connection to several ports.. In other words, a simple portscan.. yet, since my box has "log_in_vain" enabled, so it tries to log everything to /var/log/messages, since the logfile got full and the size went over 100K, it tried to rotate the log to save diskspace. (Apr 16 21:00:00 omikron newsyslog[32137]: logfile turned over due

...but so what. Obviously, I may be missing something. Any interest in this? Let me know if you try it out and any successes or failures. Patches! CURRENT and RELENG_4 version attached. The documentation is included as a patch to the syslogd(8) man page. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org -------------- next part -------------- Index: src/usr.sbin/syslogd/syslogd.8 =================================================================== RCS file: /ncvs/src/usr.sb...

Hi folks, I've been working on getting my WiFi network running with IPsec. I'm at the point where all traffic on the wifi subnet is encrypted (i.e. ESP). Then I tried to add AH to the equation. I failed. This picture describes the network setup: http://beta.freebsddiary.org/images/ipsec-wireless.gif Here's what I'm trying and failing with. With these rules, I get no

Security pundits have been warning about the dangers implicit with Web services for years. A good starting point for understanding the security issues related to Web services can be found at: http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci872720,00.html Of course to really understand the security risks posed by Web services, you need to understand the basics of Web

Can anyone help with this. Bridge is enabled, even in sysctl. Firewall is enabled and configured. But my reality is done this way.. Cisco (NATing 192.168.1.0/24) ---- Freebsd Bridge (Public IP) ------ stations (Public IP) (NATing 172.16.0.0/24 192.168.1.xx or something similar) 172.16.0.xx and on one public IP one

Dear list! I have a little problem, trying to enable logging of deny rule. I have enabled it via kernel: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=3 It is ipfw2. After that, my inten- tion was to use syslogd and !ipfw *.* /var/log/ipfw.log and newsyslog with /var/log/ipfw.log 600 3 100 * J In rc.conf I have firewall_enable="YES"

...he same special meaning as it does for USER or LOGNAME. I'd be willing to write the patch, but I thought I would submit the idea first. It seems so obvious to me that I worry that there is some very good reason NOT to do this. Thanks for your time. -- Crist J. Clark cjclark@home.com

hi all i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter seems to be working fine. i just have a couple of issues that are probably not very serious... one thing is that during network startup at boot, i get the message IPFilter: already initialized repeated 4 times. i think i have everything configured properly my kernel config looks like options IPFILTER options

[ -netters, please Cc me or security@ with replies. ] I'm running into trouble integrating dynamic racoon-based IPSec into a network with ipfw and natd. I need to be able to allow VPN access from any address from authenticated clients. I've got the dynamic VPN working, with racoon negotiating SAs and installing SPs, but the problem is that I can't tell whether an incoming packet on

Just rebuilt and installed/world kernel: FreeBSD 4.8-STABLE #0: Fri Apr 11 14:34:37 EDT 2003 Using the latest Makefile for squid25: # fgrep \$FreeBSD /usr/ports/www/squid/Makefile # $FreeBSD: ports/www/squid/Makefile,v 1.100 2003/04/09 08:31:30 adrian Exp $ Modified with: # fgrep CONFIGURE_ARGS Makefile |fgrep -v \# CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \

Hello list. I would like to get your opinion on what is a safe multi-user environment. The scenario: We would like to offer to some customers of ours some sort of network backup/archive. They would put daily or weekly backups from their local machine on our server using rsync and SSH. Therefore, they all have a user account on our server. However, we must ensure that they would absolutely not be

On Sat, 29 May 2004 12:00:52 -0700 (PDT), <freebsd-security-request@freebsd.org> wrote: Hello ! Today i see in snort logs : [**] [1:528:4] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] 06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566 TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen:

hello, I have turned on sysctls variables: net.inet.tcp.log_in_vain: 1 net.inet.udp.log_in_vain: 1 And i have plenty of strange connection attempts on udp protocol Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53 Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53 Connection attempt to UDP

Hi There, I've been having an issue trying to figure out a way to policy route outbound packets from a multihomed machine through the proper interface using IPFW to no avail. I've tried several different incantations of IPFW fwd/forward statements, and none of them seem to do the trick. Basically, I have a host that has multiple Internet connections. This host is running FreeBSD 4.9

Hi, I have been doing some tests using hping2 and TCP SYN pings targeting local and remote hosts from two FreeBSD 4.7-RELEASE-p10 and one Linux 2.4.18 host. The three machines have the same hardware configuration and have been running for 6 months now. The average load isnt too high (usually 0.01 to 0.15) on the FreeBSD machines. Here is the output from hping2 (excuse me the line wrap),

Thanks for the module, I think its a good idea to commit it to FreeBSD for a few reasons: 1) Some folks just prefer more static kernels. 2) Securelevel is a great thing, but can be a pain to do upgrades around remotely. [A lot of folks use FreeBSD simply because its a breeze to run remotely]. 3) Until someone writes code to add modules to a kernel via /dev/mem and releases it to the script

Hello, ctags(1) uses external application sort(1) for sorting the tags file. It calls it via system(3) function. Look at the /usr/src/usr.bin/ctags/ctags.c file, there are such lines here: if (uflag) { (void)asprintf(&cmd, "sort -o %s %s", outfile, outfile); if (cmd == NULL) err(1, "out of space"); system(cmd); free(cmd); cmd = NULL; } This code will be

(Either this was too hard for the folks on -questions, or it was out of place there, or I'm not providing the right kind of info or... I'm open to suggestions.) At this stage I'd approach bliss if someone could even tell me how to make bind forget that IPv6 exists, and therefore stop hammering these queries at an apparently unsympathetic NT DNS server. Two affected

I believe that I'm having some problems with a Zip 100 drive and the "new" (not really so new anymore) ATA driver. I added a Zip and a new CD-R device to a system over the weekend. The BIOS identifies all of the new devices just fine, but when I boot FreeBSD (the only OS on the system), I get to the ATA probes and things lockup (these are from notes, not exact), ad2: READ command

Hi! I'm trying to increase security on my FreeBSD 4.8 firewall/DSL router/VPN router. My problem is with firewalling the VPN part. I'm using a tunnel to a RedHat 7.1 box running FreeS/WAN. This tunnel allows traffic from my internal net (172.17.0.0/24) to that box only: spdadd 172.17.0.0/24 $REDHAT/32 any -P out ipsec esp/tunnel/$MYADDR-$REDHAT/unique; spdadd $REDHAT/32 172.17.0.0/24