similar to: [Patch] TCP MD5SIG for OpenSSH

On 15 January 2016 at 08:48, Alex Bligh <alex at alex.org.uk> wrote: > > The socket option is enabled *after* connection establishment, thus > > doesn't protect against SYN floods. This is because server doesn't > > know (in userspace) what the address of the peer is until they > > connect. Again because signed addresses. > So could they exchange a secret

On Fri, Jan 15, 2016 at 1:07 PM, Alex Bligh <alex at alex.org.uk> wrote: > On 15 Jan 2016, at 11:44, Thomas ? Habets <habets at google.com> wrote: >> On 15 January 2016 at 08:48, Alex Bligh <alex at alex.org.uk> wrote: [snip] > 3. Server compares supplied address/port pair with what it sees > (to detect DNAT like Amazon elastic IPs), and if they are the >

On 15 Jan 2016, at 16:27, Roland Mainz <roland.mainz at nrubsig.org> wrote: > Don't these extra roundtrips further increase the latency of ssh > connection setup (e.g. imagine a high-bandwidth&&high-latency satelite > link) ? ssh is already a *PAIN* in that area, killing it's usefullness > for applications like "Distributed make" because the time to

Hello. I need help with limiting bandwidth. I have read every tutorial I''ve come over and I just can''t make anything work. Ok, here''s the scenario: I have a gateway, which has five network interfaces (eth0 -> eth4), eth0 is the ''external'' one and eth[1-4] are supposed to be limited to 128Kbit/s each. The interfaces eth[1-4] each have a C-class

http://bugzilla.netfilter.org/show_bug.cgi?id=627 Summary: NATed TCP-connections fail arbitrarily Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: blocker Priority: P1 Component: ip_conntrack AssignedTo: laforge at netfilter.org

Hey, Judging from the (private) responses I?ve got, there is quite a bit of interest in the U2F feature I proposed a while ago. Therefore, I?ve taken some time to resolve the remaining issues, and I think the resulting patch (attached to this email) is in quite a good state now. I also posted the new version of the patch to https://bugzilla.mindrot.org/show_bug.cgi?id=2319 (which I?ve opened

> (Blargh is right (https://blog.habets.se/2011/07/OpenSSH-certificates.html <https://blog.habets.se/2011/07/OpenSSH-certificates.html>). Googling for this stuff is *hard*:) Does https://www.sweharris.org/post/2016-10-30-ssh-certs/ help at all? Stephen

Hi folks, I'm setting up a new dovecot email service and have a proxy server running in front of it to facilitate migrating users from my very old UW-IMAP-based mail server to the new one. I have a mysql proxy table that directs inbound IMAP and LMTP connections to the correct server, works great. Managesieve connections are not working through the proxy using either with the sieverules

Hello, This is on Centos 6 and not something I think is wrong with Centos 6 but I am looking to see if anybody else has experienced this and if there is solution. So thanks up front for indulging me. Because Linux makes routing decisions before SNAT it is causing problems when trying to use FTP with two upstream providers in a load balanced setup. Other than ftp, things seem to work OK. Below

Hi Ravi, back to our client-cannot-reconnect-to-gluster-brick problem ... > Von: Ravishankar N [ravishankar at redhat.com] > Gesendet: Montag, 29. Mai 2017 06:34 > An: Markus Stockhausen; gluster-users at gluster.org > Betreff: Re: [Gluster-users] gluster heal entry reappears > > > On 05/28/2017 10:31 PM, Markus Stockhausen wrote: > > Hi, > > > > I'm

On Tue, Jul 7, 2015 at 10:12 AM, BALATON Zoltan via Syslinux <syslinux at zytor.com> wrote: > Hello, > > I'm trying to use http from syslinux.efi but it fails while trying to > establish the connection to a FreeBSD http server. A packet capture shows: > > TCP healthd > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=1094 > TSecr=0 > TCP http > healthd

Dear developer, This issue may be not related to openssh but I am not sure. So post it here for some luck. The issue is like this:(you can see more formatted description at (https://serverfault.com/questions/878504/can-only-ssh-unidirectional) I have two centos 7.2 server. One machine ip is 10.104.196.18, another machine is 10.240.197.21. I can successfully ssh from 10.104.196.18 to

root at ne-vlezay80:~# tcpdump -i tap0 -n tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tap0, link-type EN10MB (Ethernet), capture size 262144 bytes 00:23:53.206672 ARP, Request who-has 10.194.0.2 tell 10.194.0.200, length 28 00:23:53.206691 ARP, Reply 10.194.0.2 is-at 52:54:00:38:b9:0b, length 28 00:23:53.710691 STP 802.1d, Config, Flags [none], bridge-id

Hi, yesterday we experienced a heavy request flooding from multiple servers being a domain member against our Samba Sernet DCs. All those servers are domain members and allow login using PAM (Samba+Winbind). Running TCPDump we had like 400 Requests per 5 seconds like this: tcpdump -i eth0 dst port 389 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0,

Hello, I've got an issue with RHEL6 running smbd & winbindd version 3.6.9-168.el6_5. This is authenticating against a Windows 2008R2 domain using the rid backend. If I run any command that has to look up user info I get a 35 second delay, after this initial delay it's fine until the cache time-out, then it happens again. This is making logins and most commands hang for 35 seconds

A problem here getting winbind traffic to be encrypted using Kerberos. I have set up a test environment with a pair of servers (actually lxc containers): - samba server (ubuntu 16.04, stock samba 4.3.11) - client machine (ubuntu 16.04) joined with "net ads join" and winbind The client machine has the following in /etc/samba/smb.conf: ------- [global] #netbios name = client-ad

Thomas B. R?cker (il 30/07/2014 23:26) ha scritto: You could run "tcpdump -ni eth0 port 8000" and try to access the > icecast web interface. If you don't see any output, then traffic to port > 8000 is blocked externally. good point of view. Ok, let's try: root at mail2:/home/spaziouser# tcpdump -ni eth0 port 8000 tcpdump: verbose output suppressed, use -v or -vv

Hi, I have three squeeze servers running: ii linux-image-2.6.32-5-xen-amd64 2.6.32-38 Linux 2.6.32 for 64-bit PCs, Xen dom0 support ii xen-hypervisor-4.0-amd64 4.0.1-4 The Xen Hypervisor on AMD64 All three servers have Intel gigabit NICs, but one server uses the e1000e driver and the other two use the igb driver. They've been in production for around 6 months now

Hi, I have three Debian squeeze servers running: ii linux-image-2.6.32-5-xen-amd64 2.6.32-38 Linux 2.6.32 for 64-bit PCs, Xen dom0 support ii xen-hypervisor-4.0-amd64 4.0.1-4 The Xen Hypervisor on AMD64 All three servers have Intel gigabit NICs, but one server uses the e1000e driver and the other two use the igb driver. They''ve been in production for around 6

https://bugzilla.netfilter.org/show_bug.cgi?id=1097 Bug ID: 1097 Summary: TARPIT function does not work in ip6tables Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: ip6_tables (kernel) Assignee: