similar to: reply attack

Displaying 20 results from an estimated 30000 matches similar to: "reply attack"

2001 Dec 29
0
about tinc security
hello, the text attached describes what i believe to be security holes in tinc. i would appreciate your comments to see if i missed something big. -------------- next part -------------- Security flaws in tinc Jerome Etienne jme@off.net Abstract This text describes security flaws in Tinc. It includes a description of the security
2006 Dec 07
1
are these problems?
Greetings All, I was looking around the Internet and came across this, but did not know if it was a problem for Tinc. http://off.net/~jme/tinc_secu.html ------------------------------- Security flaws in tinc Jerome Etienne jme@off.net Abstract This text describes security flaws in Tinc. It includes a description of the security (see section 1
2005 Feb 03
1
Bug Report. Replay-gain and ogg.
I just bought an I Audio mobile device (Btw, these thigns are the coolest players on the face of the earth.. might want to check em out). It plays ogg vorbis files rather nicely. My whole music library is sitting in flac format. When I encoded my flac files (the majority a year ago) I used replay gain to save the album and track information if the flac file. Unfortunately, the I audio doesnt like
2004 Sep 20
2
late or replayed packet warning
I get a lot of these in my log, especially when I am moving lots of traffic across the vpn: Sep 20 10:45:11 titan tinc.tdvpns[16152]: Got late or replayed packet from holden (xx.yy.zz.ww port 655), seqno 37609, last received 37610 (sequence numbers displayed generally differ by only one) What exactly is this trying to say? Surely this doesn't simply mean that the udp packets arrived in a
2011 Feb 09
2
patch mentioned at FOSDEM to disable UDP packet drop out of sequence
During Brandon Black presentation I heard that was developed a patch to prevent loss of UDP packets when tinc detects a replay attack. Is possible to have a look at that patch ? :) Saverio
2010 Jul 25
1
Per E-Mail senden: commit.txt
Hi Guus, I've attached something like a commit message (I think). Sorry, but I am not familiar with git and currently familiarizing with it. In the meantime, I fixed some code and introduced a compatibility wrapper to allow porting tinc to "Fritz!Box" (using Freetz http://trac.freetz.org/). The file is called ifaddr-compat.h/c and wraps the function "getifaddrs". I'm
2014 Apr 29
0
[PATCH] fix documentation typo
Signed-off-by: Loic Dachary <loic at dachary.org> --- doc/tinc.conf.5.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index 7196392..00e4674 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -416,7 +416,7 @@ and are available. .El .It Va ReplayWindow Li = Ar bytes Pq 16 -vhis is the size of the replay tracking
2017 Jul 18
0
under some kind of attack
Am 18.07.2017 um 22:15 schrieb mj: > Hi, > > Thanks for the quick follow-ups! Much appreciated. After posting this, I > immediately started working on fail2ban. And between my initial posting > and now, fail2ban already blocked 114 IPs. > > I have fail2ban with maxretry=1 and bantime=1800 > > However, it seems almost all IPs are different, and I don't think I can
2011 May 08
0
[Announcement] Version 1.0.14 released
With pleasure we announce the release of version 1.0.14. Here is a summary of the changes: * Fixed reading configuration files that do not end with a newline. Again. * Allow arbitrary configuration options being specified on the command line. * Allow all options in both tinc.conf and the local host config file. * Configurable replay window, UDP send and receive buffers for performance
2011 May 08
0
[Announcement] Version 1.0.14 released
With pleasure we announce the release of version 1.0.14. Here is a summary of the changes: * Fixed reading configuration files that do not end with a newline. Again. * Allow arbitrary configuration options being specified on the command line. * Allow all options in both tinc.conf and the local host config file. * Configurable replay window, UDP send and receive buffers for performance
2017 Jul 19
3
under some kind of attack
Hi Robert, On 07/18/2017 11:43 PM, Robert Schetterer wrote: > i guess not, but typical bots arent using ssl, check it > > however fail2ban sometimes is to slow I have configured dovecot with auth_failure_delay = 10 secs I hope that before the 10 sec are over, dovecot will have logged about the failed login attempt, and fail2ban will have blocked the ip by then. MJ
2017 Jul 19
0
under some kind of attack
On 19/07/2017 11:23, mj wrote: > Hi Robert, > > On 07/18/2017 11:43 PM, Robert Schetterer wrote: >> i guess not, but typical bots arent using ssl, check it >> >> however fail2ban sometimes is to slow > > I have configured dovecot with > auth_failure_delay = 10 secs > > I hope that before the 10 sec are over, dovecot will have logged about the >
2020 Jul 27
0
SegFault when using TunnelServer=yes
Hi. I have few questions out of curiosity.. Cant help for now with your problem... What version is crashing? 1.1 or 1.0 ? How your network is segmented..? I use tinc myself here a lot too (1.0) but my network is very segmented. I use switch mode and handle routing myself, so mesh links arent large.. I would NOT go beyond 30 nodes for full auto-mesh.. its already like 435 edges... Regards,
2010 Oct 23
1
Tweaks for high-bandwidth tinc
I've been using tinc to do some high bandwidth VPNs between nodes in Amazon's EC2 environment (to work around some limitations there for effectively loadbalancing raw TCP connections while preserving the sources addresses, using Linux IPVS in NAT mode). The raw amount of traffic involved is probably making this a bit of a corner case for tinc. In the overall it has held up remarkably
2018 Oct 08
1
[Announcement] Tinc version 1.0.35 and 1.1pre17 released
Because of security vulnerabilities in tinc that have recently been discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of the changes in tinc 1.0.35: * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). Here is a summery of the changes in tinc 1.1pre17: * Prevent oracle attacks in the
2018 Oct 08
1
[Announcement] Tinc version 1.0.35 and 1.1pre17 released
Because of security vulnerabilities in tinc that have recently been discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of the changes in tinc 1.0.35: * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). Here is a summery of the changes in tinc 1.1pre17: * Prevent oracle attacks in the
2006 Mar 22
1
FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:11.ipsec Security Advisory The FreeBSD Project Topic: IPsec replay attack vulnerability Category: core Module: sys_netipsec Announced:
2006 Mar 22
1
FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:11.ipsec Security Advisory The FreeBSD Project Topic: IPsec replay attack vulnerability Category: core Module: sys_netipsec Announced:
2020 Jul 28
0
SegFault when using TunnelServer=yes
Thanks for answers. I think its now flaw.. but design.. Tinc auto-mesh is very very handy. You just need to avoid flat networks. There is also IndirectMode w/ forces nodes to be switched by intermediate node... but I would be cautionus how its used. I use it myself for certain nodes behind NATs where they cannot be connected to, so always connect node handles switching for them. You noticed it
2013 Feb 13
1
Problems with tunnel: Got late or replayed packet, packet is 150 seqs in the future, expiring symmetric keys
Hi! I have som problems with my vpn tunnel. I have 6 nodes in the network. Three of them is running tinc 1.1pre5 Three of them is running tinc 1.0.19 I also have vlan tagging between the nodes running tinc 1.1pre5 The problem is that get a bunch of errors in the log like the messages below (logs is attached in the email): Got late or replayed packet from JOTPOS ("internal ip" port