search for: lariat

I'm interested in crafting firewall rules that throttle connections that have lasted more than a certain amount of time. (Most such connections are P2P traffic, which should be given a lower priority than other connections and may constitute network abuse.) Alas, it doesn't appear that FreeBSD's IPFW can keep tabs on how long a connection has been established. Is there another firewall

I need to build up a few servers and routers, and am wondering how FreeBSD 9.1 is shaping up. Will it be likely to be more stable and robust than 9.0-RELEASE? Are there issues that will have to wait until 9.2-RELEASE to be fixed? Opinions welcome. --Brett Glass

A client wants me to set up a mechanism whereby his customers can drop files securely into directories on his FreeBSD server; he also wants them to be able to retrieve files if needed. The server is already running OpenSSH, and he himself is using Windows clients (TeraTerm and WinSCP) to access it, so the logical thing to do seems to be to have his clients send and receive files via SFTP or SCP.

In the next month or two I've got to upgrade a number of servers that are currently on an EOL'd version of 4-STABLE. I foresee that I'll have very limited time to do full OS upgrades on these systems in the coming several years, so I want to make sure I bring them onto an extended-life branch. Right now 4.11 has the furthest projected EOL date (Jan 31 2007), and the projected EOL

OK, an official OpenSSH advisory was released, see here: <URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html > The fix is currently in FreeBSD -CURRENT and -STABLE. It will be applied to the security branches as well today. Attached are patches: buffer46.patch -- For FreeBSD 4.6-RELEASE and later buffer45.patch -- For FreeBSD 4.5-RELEASE and

Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a network of "bots" rather than a single attacker. But wait... there's more. The interesting thing about these attacks is that

I'm constructing a Web server which may require restricted areas of the site to be used from public places where a password might be sniffed. The damage that could be done by taking snapshots of the content from one session with a spy program is minimal. What the owner of the server does NOT want, though, is to allow unauthorized parties to gain unfettered access by stealing the password via

We're being ping-flooded by the Nachi worm, which probes subnets for systems to attack by sending 92-byte ping packets. Unfortunately, IPFW doesn't seem to have the ability to filter packets by length. Assuming that I stick with IPFW, what's the best way to stem the tide? --Brett Glass

Subject: user/3610: repetable tcpdump remote crash Resent-Date: Sat, 20 Dec 2003 08:55:02 -0700 (MST) Resent-From: gnats@cvs.openbsd.org (GNATS Filer) Resent-To: bugs@cvs.openbsd.org Date: Sat, 20 Dec 2003 16:42:25 +0100 (CET) From: venglin@freebsd.lublin.pl Reply-To: venglin@freebsd.lublin.pl To: gnats@openbsd.org >Number: 3610 >Category: user >Synopsis: repetable

I haven't seen much on the lists lately regarding the status of FreeBSD 6.2, so I'd like to ask the Release Engineering team for their thoughts and projections. The calendar on the public "Release Engineering" page hasn't been updated since November, and those of us who await 6.2-RELEASE need to have some idea of what to expect. I don't know about everyone else, but

I would like to request that some useful work on networking be MFCed from -CURRENT to -STABLE in time for the release of FreeBSD 6.3. In particular, I'd like to see some of the Netgraph nodes which are new or which have seen extensive development brought in -- ng_nat and ng_car in particular. Bringing in the latest version of ng_nat would allow more flexible in-kernel NAT, while ng_car (which

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-21 GNU Project FTP Server Compromise Original issue date: August 13, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Overview The CERT/CC has received a report that the system housing the primary FTP servers for the GNU software project was compromised. I. Description

All: I'm posting this to FreeBSD-security (rather than FreeBSD-net) because the problems I'm seeing appear to have been caused by spyware, and because they constitute a possible avenue for denial of service on FreeBSD machines with default installs of the operating system. Several of the FreeBSD machines on our network began to act strangely during the past week. Some have started to

I'm working with a FreeBSD user -- a teacher -- who's running KDE on a system on which she neither has nor wants root privileges. She wants to be able to mount and unmount floppies and ZIP cartridges from within KDE, using the standard KwikDisk utility (which, by the way, generates mount and unmount command that don't conform to FreeBSD syntax; however, it appears possible to fix this