Displaying 20 results from an estimated 20000 matches similar to: "OpenSSH DoS issue ?"
2006 Sep 05
2
http://www.openssl.org/news/secadv_20060905.txt
Does anyone know the practicality of this attack ? i.e. is this trivial to do ?
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada
2003 Aug 28
1
new DoS technique (exploiting TCP retransmission timeouts)
An interesting paper
http://www.acm.org/sigcomm/sigcomm2003/papers/p75-kuzmanovic.pdf
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
2017 Sep 26
2
tweaking max sessions / scaling
Other than cranking up logging to debug2, is there a way to better tune
logging on a server to see if I am running into max sessions ? On
FreeBSD RELENG11 I am periodically seeing connections being refused-
3way handshake not completing or completing and then FINs.
Typically, I have a hundred or so connections at one time, but they can
bounce up to a few hundred on occasion. Without leaving the
2017 Jul 24
8
syslog from chrooted environment
I have a somewhat busy sftp server where the users are all chrooted into
their home directory. In order to log all the commands they enter, I
have to create a /dev/log entry and hard link in their home directory so
that syslog works for their commands
Match user *
ForceCommand internal-sftp -f local1 -l verbose
Everything works, but its a bit of a pain if someone restarts syslogd
and forgets
2017 Jul 25
3
syslog from chrooted environment
On 7/24/2017 8:39 PM, Nico Kadel-Garcia wrote:
>
> Why are the targets of the hardlinks evaporating on rebooting? Is that
> a FreeBSD'ism?
Its when syslogd stops/starts. The hardlinks need to be recreated for
some reason.
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994
2004 Jan 16
1
HiFn / FAST_IPSEC question
Hi,
Just got some of the new Soekris 1401 VPN cards based on the hifn 7955 chip.
hifn0 mem 0xe8510000-0xe8517fff,0xe8518000-0xe8519fff,0xe851a000-0xe851afff
irq 5 at device 0.0 on pci1
hifn0: Hifn 7955, rev 0, 32KB dram, 64 sessions
vs
hifn0 mem 0xeb902000-0xeb902fff,0xeb901000-0xeb901fff irq 10 at device 8.0
on pci0
hifn0: Hifn 7951, rev 0, 128KB sram, 193 sessions
When it says "n
2013 Jan 06
2
audit events confusion
On a rather full customer web server, I am trying to track down whose
web site script is trying to make outbound network connections when they
should not be. In /etc/security/audit_control, I added to the flags line
dir:/var/audit
flags:lo,aa,-nt
minfree:5
to log failed network connection. When I try an make an outbound
connection to something that is blocked in pf, it seems to sometimes
work.
2003 Jul 01
2
4.9R bug fix ?
Any chance someone can look at / commit the fix in PR 52349 before 4.9R ?
Its a simple fix. As it is to netstat, I dont know of anyone who 'owns'
that program to bug other than to make a general plea :-)
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,
2003 Sep 23
1
NTP common code base ?
Cisco released an advisory about their ntp client and server having a bug
http://www.cisco.com/warp/public/707/NTP-pub.shtml
Is there a common code base at all that would have relevance to the code in
FreeBSD ? I noticed in the COPYRIGHT file cisco has made some contributions.
---Mike
--------------------------------------------------------------------
Mike Tancsa,
2005 Mar 04
4
Fwd: FreeBSD hiding security stuff
FYI
>To: misc@openbsd.org
>Subject: FreeBSD hiding security stuff
>Date: Fri, 04 Mar 2005 03:51:42 -0700
>From: Theo de Raadt <deraadt@cvs.openbsd.org>
>
>A few FreeBSD developers apparently have found some security issue
>of some sort affecting i386 operating systems in some cases.
>
>They have refused to give us real details.
>
>A promise is now being
2008 Feb 13
3
AMD64 vs i386, ifstat and bsnmp
Couple of little things I noticed with a new RELENG_7 AMD64 box (as
of yesterday)
ifstat from the ports cannot seem to find interfaces for some reason
? It works fine on i386
[ns8]# ifstat -b
ifstat: no interfaces to monitor!
[ns8]#
[ns8]# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
2003 Jun 02
0
sbsize and local DoS issue via kernel panic
I noticed with active ftp clients (specifically IMP's .forward modification
plugin), an sbsize of something under 32M in /etc/login.conf on the target
server now gives
Can't create data socket (M-^A> (^A,_<F5>^R(^C): No buffer space available.
in the ftp logs. What is a safe value to prevent users from abusing the
system by eating up all mbufs ? There is a local DoS if
2003 Nov 26
1
perms of /dev/uhid0
I wrote a small app that monitors a Back-UPS ES500 UPS via the uhid0
interface. I want to run the daemon with as little privs as possible.
gastest# ls -l /dev/uhid0
crw-rw---- 1 root operator 122, 0 Nov 12 05:26 /dev/uhid0
gastest#
Is it safe to chmod o+r /dev/uhid0 ? Or is there a better way to drop
privs of the daemon yet still be able to read from the device ?
All I am doing is
2003 Sep 15
1
Fwd: Re: [Full-Disclosure] new ssh exploit?
Has anyone around here heard of this ?
---Mike
>Subject: Re: [Full-Disclosure] new ssh exploit?
>From: christopher neitzert <chris@neitzert.com>
>Reply-To: chris@neitzert.com
>To: full-disclosure@lists.netsys.com
>X-Mailer: Ximian Evolution 1.4.3.99
>Sender: full-disclosure-admin@lists.netsys.com
>X-BeenThere: full-disclosure@lists.netsys.com
2004 Feb 10
1
Longest known unpatched FreeBSD security issue ?
Does anyone know off hand what the longest known serious security issue
(i.e. remote compromise) has been with FreeBSD that went unpatched ? e.g.
security hole is reported to security-officer@FreeBSD.org. X days later,
fix and advisory committed. What has been the largest X ?
My jaw dropped when I saw
http://www.eeye.com/html/Research/Upcoming/index.html
---Mike
2004 Sep 17
1
Fwd: FreeBSD kernel buffer overflow
Can anyone provide more details about the posting below ?
>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@securityfocus.com>
>List-Help: <mailto:bugtraq-help@securityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
>List-Subscribe:
2008 Nov 25
1
sio vs uart vs ucomm problems / differences
We are in the process of migrating one of our embedded apps to use
uart by default instead of sio in RELENG_7 in prep for the day when
sio eventually disappears. Unfortunately, the application doesnt
want to work with uart with puc backed devices, but still works with
sio. Stranger still, the app works with the uart driver when uart
attaches to the built in com port on the isa bus. However,
2013 Sep 26
0
nanobsd on RELENG9
I am getting an odd error on a recent i386 releng9 while trying to build
a nanobsd image.
It dies during installworld in
cd /usr/src/etc/../share/man;
/usr/obj/nanobsd.full//usr/src/make.i386/make makedb
makewhatis /usr/obj/nanobsd.full//_.w/usr/share/man
makewhatis /usr/obj/nanobsd.full//_.w/usr/share/openssl/man
rm: /tmp/install.bqKyLzJg: Directory not empty
*** [installworld] Error code 1
1
2004 May 10
5
rate limiting sshd connections ?
Does anyone know of a way to rate limit ssh connections from an IP address
? We are starting to see more and more brute force attempts to guess
simple passwords "/usr/sbin/inetd -wWl -C 10" is nice for slowing down
attempts to services launched via inetd. Is there an equiv method for
doing this to sshd? Running from inetd has some issues supposedly.
---Mike
2008 Dec 02
6
repeatable crash on RELENG7
While trying to speed up nanobsd builds, I mounted /usr/obj on a
ramdisk and found my box crashing. Thinking it might be hardware, I
tried a separate machine, but with the same results. I have 4G of
ram (i386). Am I just running out of some kernel memory ? If so, is
there anything I can adjust to prevent this, yet still use mfs in this way ?
mdconfig -a -t malloc -s 1800M
newfs /dev/md0