Search results

  1. Fortune Suggestions

    These are my two personal favorites: "Real eyes realize real lies." "What would you do if you knew you could not fail? (... and why are you not doing it?)" I'm not sure who the original author is of any of them, however.
  2. keylogger for FreeBSD

    Also, software keyloggers are not the only ones to worry about. Hardware keyloggers are orders of magnitude harder to detect. With some, it might be not possible at all to detect them from the operating system point of view. You could install webcams to have 360-degree view of your system...
  3. OpenVPN bridge not working on L2 or very slow on L3

    For the record: it turned out the highly available default gateway behind the switch and/or the vSwitch itself is probably misconfigured. When the OpenVPN client was looking for the gateway by sending an ARP request (L2 broadcast), the same packet came back on the same interface. This...
  4. OpenVPN bridge not working on L2 or very slow on L3

    I didn't use the same technique to measure the bandwidth for L2 and for L3. When using iperf, I'm getting approximately 400 Mbit/s for both. When downloading a file from a webserver using fetch, the bandwidth drops to 100 Mbit/s. I am still under the impression, however, that bridged OpenVPN...
  5. OpenVPN bridge not working on L2 or very slow on L3

    I am experiencing strange problems with bridging on 9.1-RELEASE with the GENERIC kernel running on ESXi 5.0. I have a fairly standard bridged security/openvpn server listening on vmx3f0 on port UDP/1194. The traffic leaves on the tap0 interface which is bridged to the vmx3f1 interface...
  6. No login window after update

    I'm having the same problem. There's no login screen after the start of GDM. I'm using Enlightenment for now. I would use KDM and start Gnome from there but KDM is not packaged separately. I'd have to compile all of KDE.
  7. Syslog parser

    What you're looking for is sometimes called a "SIEM", i.e. Security Information and Event Management. There are many commercial products that claim to be SIEMs. There are a couple of open-source ones. The one I could find in the FreeBSD Ports collection is security/ossec-hids-server. According the...
  8. Sane way to encrypt a FreeBSD server?

    Quite the opposite: different groups of people are responsible for different parts of the infrastructure. If you encrypt the root device and all other devices and enforce the passphrase prompt during the boot of a virtual machine, the virtualization administrators, backup administrators and...
  9. Sane way to encrypt a FreeBSD server?

    Firstly, I find this guide is simple and explains what is being done. Is it one of those you considered insufficient? Secondly, by "encrypting the server" do you mean running a script that will fully encrypt the harddrive (except the bootloader in /boot), or installing an encrypted server...
  10. PC-BSD/FreeBSD 9.1 PKGNG package repository

    Unfortunately, this no longer seems to be true, at least not for 9.1-RELEASE. I have www/chromium built from ports # pkg info | grep chromium chromium-29.0.1547.65 Mostly BSD-licensed web browser based on WebKit and Gtk+ When trying to switch to PC-BSD pkgng repository on...
  11. pkgng refuses repository made with poudriere-devel

    For the record: the choice of www/publicfile as a webserver wasn't really good. It was possible to manually fetch the repository files, however pkg update failed. If www/squid was put in the middle as a proxy, pkg update started working. This wasn't an acceptable solution, however. Using...
  12. pkgng refuses repository made with poudriere-devel

    You're right! After updating ports-mgmt/pkg from ports to the latest and the same version, the client is now able to use the repository. # pkg update Updating repository catalogue Incremental update completed, 0 packages processed: 0 packages updated, 0 removed and 0 added. Thank you! :beer...
  13. pkgng refuses repository made with poudriere-devel

    I use ports-mgmt/poudriere-devel to build a pkgng repository that contains (for now) a single package net/openntpd. I made the repository available to the clients using www/publicfile. I set up the client machine to use the repository. $ cat /usr/local/etc/pkg.conf # System-wide configuration...
  14. Should portsnap be taking this long?

    Is your harddrive in good shape?
  15. blocking local service on external IP via local loopback

    Contrary to what I've written previously, I didn't want to filter traffic on the lo0 interface. (I had to dig deeper through my own documentation to realize this. :) ) I followed this howto which suggested pass on lo0 all no state. This however didn't allow the traffic to pass. Reading the...
  16. blocking local service on external IP via local loopback

    Thanks. I know pf can keep state for UDP. However, since UDP itself is stateless, pf is not really able to tell when a "connection" is finished. Thus, the state has to expire (by default in 30 seconds). My dnscache is fairly busy and would generate many states. This would give me one more...
  17. blocking local service on external IP via local loopback

    I'm a little confused now, as I believe I do have a rule allowing loopback traffic. pass on lo0 all no state I also have default rules blocking IPv4 UDP traffic on the em0 interface # Default UDP policy - incoming and "sessions" block in log on $EXT_NIC inet proto udp all # Default UDP...
  18. blocking local service on external IP via local loopback

    The official dnscache-conf configuration utility defaults to 127.0.0.1 or accepts an explicitly specified IP address. In any case, it's a single address. Please, let's get back to the original problem: how to allow traffic on the em0 interface using the external IP addresses.
  19. blocking local service on external IP via local loopback

    Thank you for the quick response. This would allow much more traffic than needed. All I really want to allow is UDP/53 traffic. Anything else should be blocked and logged so I know what is going on with the machine. In order to listen on the network, dnscache has to listen on an external IP...
  20. blocking local service on external IP via local loopback

    I'm having trouble with accessing my DNS caching resolver from within the machine it runs on. I have dnscache set up listening for network queries from clients dnscache dnscache 31267 3 udp4 192.0.2.53:53 *:* dnscache dnscache 31267 4 tcp4 192.0.2.53:53 *:* To allow...