similar to: What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service

Displaying 20 results from an estimated 200 matches similar to: "What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service"

2005 Oct 17
3
Problem with IPComp on VPN
I've created an IPSec VPN using shorewall and racoon-tool under Debian 3.1. I'm not using the patched iptables/kernel for policy match, therefore I'm using the tunnels/hosts config method rather than the ipsec config file method. I'm running the latest 2.6.13 kernel. I have no problem getting my VPN connection up and running with one exception. Without
2008 Sep 04
2
Compiling v6tun from KAME
I need vtun working over IPv6. The version from rpmforge does not seem to support IPv6 (binds to 0.0.0.0:5000 if I specify binding to the interface, and won't let me put in an IPv6 address for address binding). So I was pointed to the KAME (which does not provide any FC/RHEL support). The person who sent me there provided a makefile that he said works on Linux, but did not work for me:
2007 Sep 20
2
OCF
Hi, I am new to the FreeBSD system and look forward to taking an active part in contributing. Can someone please guide me to where I can find the OCF source code in FreeBSD, and also is there an IKE implementation and OpenSWAN? Regards, Raja
2003 Sep 11
2
FAST_IPSEC doesn't seem to honor net.key.prefered_oldsa=0
When using the FAST_IPSEC option in the kernel build, the sysctl variable net.key.prefered_oldsa seems to make no difference. The kernel always chooses an old SA. This problem can be easily reproduced. Just wait till the soft limit of the SA is expired and do a setkey -F on the remote and then ping through the tunnel. Because the old SA's are preferred and the remote no longer has the old
2005 Apr 21
1
Fwd: (KAME-snap 9012) racoon in the kame project
FYI, looks like support for Racoon is ending. Does anyone have any experience with the version in ipsec-tools ? ---Mike >Racoon users, > >This is the announcement that the kame project will quit providing >a key management daemon, the racoon, and that "ipsec-tools" will become >the formal team to release the racoon. >The final release of the racoon in the
2007 Jun 07
3
Wan optimizations with linux
Hi, I'm researching WAN optimizations with Linux. My network is composed of an MPLS network connecting 200 branches to a central site. I use Linux machines to provide security with IPSEC in the branches and at the central site. Now I'm looking for techniques for optimizing the link. My first idea was to use IPCOMP and a proxy to cache traffic of HTTP applications. Somebody
2008 Aug 25
1
Issue with: Sendmail, Dovecot and Sieve: -- TECRA_A9 --
sendmail -- Version 8.14.2 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG dovecot-1.0.7 Secure and compact IMAP and POP3 servers dovecot-sieve-1.0.2 A sieve plugin for the Dovecot LDA called 'deliver' With focus on the
2008 Nov 14
3
FreeBSD 6.3 gre and traceroute
Stephen Clark wrote: > Robert Noland wrote: >> On Thu, 2008-11-13 at 07:48 -0500, Stephen Clark wrote: >>> Julian Elischer wrote: >>>> Stephen Clark wrote: >>>>> Julian Elischer wrote: >>>>>> you will need to define the setup and question better. >>>> thanks.. cleaning it up a bit more... >>>> >>>>
2007 Apr 02
1
Stronger security with BSD Firewall and Freeradius
I've seen that it is possible to use switch port blocking with freeradius and Cisco switches via 802.1X and the EAP protocol. Here is more info: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO What if I don't have a switch that supports 802.1X, or I want the blocking to be done by FreeBSD, not the switch? Because FreeBSD is the firewall or gateway to some networks. Is there
2006 Jan 25
1
mpd and radius
Hi all: I have some basic questions regarding the mpd.conf: set radius retries 3 set radius timeout 3 set radius server 192.168.128.101 testing123 1812 1813 set radius me 1.1.1.1 set bundle enable radius-auth radius-fallback Here my radius server is 192.168.128.101 and the internal interface of this mpd server is 192.168.64.65 1) What is this "testing123"? is that key between radius
2013 Jun 08
1
Multicast panic caused by elasticsearch
Hi, I was experimenting with Logstash + elasticsearch on FreeBSD 9 - initially I downloaded it by hand (I forgot to check for a port) and it worked fine. I then tried the port and this forced me to use a different java version (was jdk-16.0.3p4_25 now openjdk6-b27) and it seems that the new one causes a panic. Unfortunately crashdumps aren't working properly, however I did get the panic
2004 Aug 18
6
Report of collision-generation with MD5
Just got a pointer to this via ACM "TechNews Alert" for today: http://www.acm.org/technews/articles/2004-6/0818w.html#item2 Seems that "... French computer scientist Antoine Joux reported on Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often used with digital signatures...." There's more in the article cited above. Peace, david -- David H. Wolfskill
2016 Aug 19
5
[Bug 2606] New: IPv6 bind address vs autoconfiguration privacy
https://bugzilla.mindrot.org/show_bug.cgi?id=2606 Bug ID: 2606 Summary: IPv6 bind address vs autoconfiguration privacy Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs
2011 Apr 01
0
on "BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload"
Hi, as some IPSec users might be worried about the "BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload" from http://seclists.org/fulldisclosure/2011/Apr/0 , here's some braindump: To be affected it's believed that you need to 1) manually compile in IPSEC (not done in GENERIC or the release), 2) have an entry for ipcomp in your security
2002 Mar 07
11
[Bug 146] OpenSSH 3.1p1 will not build on BSD/OS 4.2/4.1/4.01
http://bugzilla.mindrot.org/show_bug.cgi?id=146 ------- Additional Comments From mouring at eviladmin.org 2002-03-08 07:38 ------- I just went through someone with this problem. And HAVE_BOGUS_SYS_QUEUE_H worked for them. However you must have BOTH HAVE_SYS_QUEUE_H and HAVE_BOGUS_SYS_QUEUE_H set. As for INADDR_LOOPBACK. I'd like to know where on BSD/OS that is defined so we can
2007 Apr 26
0
FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:03.ipv6 Security Advisory The FreeBSD Project Topic: IPv6 Routing Header 0 is dangerous Category: core Module: ipv6 Announced:
2004 Aug 13
6
sequences in the auth.log
Hi all, I found similar sequences in the /var/auth.log files of FreeBSD boxes I supervise: Aug 13 13:56:08 www sshd[26091]: Illegal user test from 165.21.103.20 Aug 13 13:56:11 www sshd[26093]: Illegal user guest from 165.21.103.20 Aug 13 13:56:15 www sshd[26096]: Illegal user admin from 165.21.103.20 Aug 13 13:56:18 www sshd[26103]: Illegal user admin from 165.21.103.20 Aug 13 13:56:21 www
2012 Jun 12
0
FreeBSD Errata Notice FreeBSD-EN-12:02.ipv6refcount
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-12:02.ipv6refcount Errata Notice The FreeBSD Project Topic: Reference count errors in IPv6 code Category: core Modules: sys_netinet sys_netinet6
2007 Apr 26
4
FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:03.ipv6 Security Advisory The FreeBSD Project Topic: IPv6 Routing Header 0 is dangerous Category: core Module: ipv6 Announced:
2006 May 03
5
SNAT on IPSEC tunnel with kernel 2.6/KAME tools?
Hi, Could not conceive a working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can