Results tagged “openbsd” from madness.at

In this interview, Ryan McBride discusses the development of CARP (Common Address Redundancy Protocol), explaining what it is and how it works. He reflects on patents and the difficulties OpenBSD has faced trying to work with IANA. Finally, he also highlights some of the new functionality that will be found in the upcoming release of OpenBSD 3.5.

OpenBSD developer Ryan McBride has put up a small article, explaining the new firewall redundancy features (pfsync, CARP) in the upcoming OpenBSD 3.5 release. CARP (Common Address Redundancy Protocol) is a free alternative to the patent-encumbered VRRP, responsible for electing masters in a firewall cluster, while pfsync syncronizes packet filter state information among nodes.

If you use strings on Microsoft's Services for Unix (SFU) interoperability suite which was developed by Interex you find that it is largely composed of source from the OpenBSD 3.0 source tree according to a recent deadly.org article.

Passive operating system fingerprinting was just committed to PF which exposes the source host's OS to the filter language. Powerful policy enforcement is now possible such as redirecting all older windows boxes to a web site telling them to upgrade. Or blocking all windows boxes from connecting to mail servers (damn worms). In order to contribute to the OS fingerprint database go to http://lcamtuf.coredump.cx/p0f-help/ .

IPsec can be used as a replacement to WEP in the following scenarios. Joshua Stein has implemented IPsec on OpenBSD with manual keying between a router and a client as a replacement. Also, Thomas Walpuski describes in detail the configuration of an IPsec Host-to-Host connection between OpenBSD and Windows XP Professional with Authentication via X.509v3 Certificates."

Unterlagen des Vortrages von Henning Brauer und Markus Friedl zum Thema OpenSSH und OpenBSD, im Hinblick auf Historische Aspekte, verwendete Technologien, Verbreitungsstatistiken und die Möglichkeiten zur Hardwarebeschleunigung.

A presentation by Mike Frantzen (frantzen@openbsd.org) about the history, some rulesets, stateful-inspection and the upcoming 3.3 features of OpenBSD's packet filter.

On Tuesday, February 25th, 2003, 18:00 MST -- OpenBSD lead developer Theo de Raadt will speak about some of the recent changes in OpenBSD that are leading the way to the complete elimination of "buffer overflow" security risks and attacks. Snacks, refreshments and a prize draw will also be featured. Admission for *unregistered* non-members is $10. For more information or to register email: office@cuug.ab.ca

"Patching is something that any OpenBSD administrator ought to do as soon as patches are available, because leaving your system unpatched is simply asking for trouble. OpenBSD and OpenSSH have recently become targets for hackers looking for new fields to explore, and we all need to be on guard."