search for: silby

...to bring the card up, this is the fix for you. The driver wasn't previously taking into account the fact that the chipset doesn't like addresses over the 1GB mark. If you'd like an even quicker fix, just add hw.mem = "1000M" to your loader.conf and reboot. :) Mike "Silby" Silbersack ---------- Forwarded message ---------- Date: Fri, 28 Apr 2006 05:39:58 +0000 (UTC) From: Mike Silbersack <silby@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/dev/bfe if_bfe.c silby 2006-04-28 05:39:...

Mike Silbersack wrote: > On Tue, 16 Sep 2003, Scott Long wrote: > > >>Patches have been floated on the mailing list that revert PAE in its >>various stages. Maybe those need to be brought back up. Silby? Tor? >> >>Scott > > > I believe that Tor's commit on August 30th resolved the PAE-related > problems, so there is no need for a reversion. Since that time, I've seen > three panics posted: > > 1. Some netinet/ related panic which I couldn't make h...

Dear list, A few days ago one of my machines were attacked by a DDoS-attack using UDP on random ports.. When I later on analyzed the logs, I found this in my dmesg: xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) I tried to find out on google what it ment, but without any luck. What does that mean and

Hi, folks @ freebsd-security. First, I am not sure if this is apropriate topic for that list, so sorry, if it is not. Some time ago I have read rfc1948 (protection from blind TCP spoofing) and became interested in the way how it is implemented in FreeBSD. After some googling (BTW if you like Google you might be interested in this: http://register.spectator.ru/img/bart.gif ), I found this:

In http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 it seems RELENG_4 is vulnerable. Is there any work around to a system that has to have ports open ? Version: 1 2/18/2004@03:47:29 GMT >Initial report > <<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650; >ID#207650: >FreeBSD Memory Buffer

In addition to the network drivers Luoqi provided PAE patches for, I have also backported -current's if_xl driver; it is available at: http://www.silby.com/pae/ Even if you're not running Luoqi's PAE patch, I'd be interested in hearing how it works for you. Thanks, Mike "Silby" Silbersack

Forwarded message: > From full-disclosure-admin@lists.netsys.com Wed Apr 21 11:49:12 2004 > To: full-disclosure@lists.netsys.com > From: Darren Bounds <dbounds@intrusense.com> > Subject: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability > Date: Tue, 20 Apr 2004 18:19:58 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >

hi is there any way to build 4.8 release with this fstack protection? or atleast some ports is there any good info on this? the only page i found was that ibm page but it seemed outdated. //martin

...cription. FWIW, I've been testing with the exploit code (reset-tcp-rfc31337-compliant.c from osvdb-4030-exploit.zip), and this change does indeed defeat the attack. It took me a while to get the code working, they really munged up the libnet calls, but I guess that was the intent. Mike "Silby" Silbersack -------------- next part -------------- diff -u -r /usr/src/sys.old/netinet/tcp_input.c /usr/src/sys/netinet/tcp_input.c --- /usr/src/sys.old/netinet/tcp_input.c Thu Apr 22 01:15:15 2004 +++ /usr/src/sys/netinet/tcp_input.c Fri Apr 23 22:13:18 2004 @@ -1570,6 +1570,10 @@ goto...

Hello, all! In the beginning I want to say, that this question seems to be a security one, isn't it so?.. Recently I was googling for the subject and coulnd't find anything... Even in the opennet.ru forum nobody answered me about this. So, as far as I got to know, randomizing source ports in FreeBSD is impossible now? (to be exact - is not implemented?) It's very interesting to me

As others have noted, Tor's patch appears to be a total solution to the recent instability the PAE patch introduced. So, if you're experiencing panics with a recent kernel, or are in a position to stress a machine, please cvsup and give it a test! Thanks, Mike "Silby" Silbersack ---------- Forwarded message ---------- Date: Sat, 30 Aug 2003 08:39:08 -0700 (PDT) From: Tor Egge <tegge@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/i386/i386 genassym.c globals.s mp_machdep.c pmap.c...

...e I have put this driver through extensive testing, it is possible that there may be bugs which are either present in the -current version or that I added in the MFC process. So, if you cvsup to -stable anytime in the future and notice problems with if_xl, please tell me ASAP! Thanks, Mike "Silby" Silbersack

...ke Tancsa and others helped greatly in tracking down this problem.) If you'd like to make sure that 4.9 is our best release ever, please do the following: - CVSup to RELENG_4! - Enable DDB or crashdumps so that you can capture a backtrace when and if your machine panics. Thanks, Mike "Silby" Silbersack

GENERIC kernel build, cvsup as of 21:37 October 1 2003: ../../vm/vm_map.c: In function `vm_init2': ../../vm/vm_map.c:190: `maxfiles' undeclared (first use in this function) ../../vm/vm_map.c:190: (Each undeclared identifier is reported only once ../../vm/vm_map.c:190: for each function it appears in.) *** Error code 1 Using the freebsd protector patch (anti stack smashing), FYI.

Has anyone seen the recently published IETF draft regarding ICMP attacks against TCP? [http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-00.txt] I'm interested in any comments as to the vulnerability of FreeBSD's TCP to such attacks and the need for or usefulness of the various solutions proposed in the paper. Thanks, all - Steve -- Steve Zweep Senior Software

Attached is a security alert from Gentoo pertaining to clam antivirus. It seems that as of this morning, FreeBSD's ports still contain the affected version. Thank in advance, Tom Veldhouse -------------- next part -------------- An embedded message was scrubbed... From: Tim Yamin <plasmaroo@gentoo.org> Subject: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability Date:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm running stock FreeBSD with services running: samba (connections allowed only from local network), lpd (same), bind (all interfaces), apache (all), zope (local) This machine is home gateway/http/printserver. Recently some strange things happened as my printer all of sudden started to print stuff when nobody prints... luckily (or

Hi there, I'm still running 6.2 on various servers without any tweaks (GENERIC kernel, binary updates via freebsd-update etc.) but lots of ports (apache, postgresql, diablo-jdk etc.) and would like to use stack smashing protection in order to harden my boxes and avoid many potential exploits. I've known about ProPolice/SSP for a while now (from the Gentoo world) and am aware that

...Security Advisory The FreeBSD Project Topic: Remote denial-of-service when using accept filters Category: core Module: kernel Announced: 2002-05-29 Credits: Mike Silbersack <silby@FreeBSD.org> Affects: FreeBSD 4.5-RELEASE FreeBSD 4-STABLE after 2001-11-22 and prior to the correction date Corrected: 2002-05-21 18:03:16 UTC (RELENG_4) 2002-05-28 18:27:55 UTC (RELENG_4_5) FreeBSD only: YES I. Background Free...

Any chance of this being implemented in fbsd? Could be usefull ;-) ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt -- :{ andyf@speednet.com.au Andy Farkas System Administrator Speednet Communications http://www.speednet.com.au/