Quick question: could Snort handle IP traffic in PPPoE? I have a DSL modem and a router in a separate VLAN with the modem's port mirrored to another port. The modem only sees PPPoE, hence the question.
I've been buying the Mirror or the Sun newspapers with naked female breasts since I was 9.
Didn't know they do implants on 9 year olds. Bet you were favourite in school then?
I wasn't necessarily implying that one update would take several seconds. I was thinking more like one update that takes maybe 0.5 seconds but occurred not very often.
While 2fps would be too low for animations, it would be enough for a character change during holding shift, wouldn't it?
I think accusing them to do this deliberately is a bit far stretched.
I think this saying fits here:
"Never attribute to malice what can be easily explained by stupidity."
Just how slow is it? It's not like you'd be running animations on the keyboard, although that would increase the coolness factor.
Most of the time, though, you would have a single update in seconds instead of several updates per second.
Actually, switches with 802.1x port based access control would be even better. MAC addresses can be faked.
strange bittorrent stuff from the internet that for some reason gets bounced around my entire network.
Umm, WHAT? Can you elaborate? This sounds like NAT without a filter. I've often seen packets from 192.168.0.2 trying to enter my border router(!). NAT is no security measure!
Here's what our thoughtful, considerate critic Maddox has to say about the issue: http://www.thebestpageintheuniverse.net/c.cgi?u=banish . Amusing read, as is all of his stuff.
Exactly. Many people confuse choice with a good standard. I may want to choose what my desktop looks like, but even as an end user I'd want a standard library.
After all, you don't see two different GTK toolkits for XFree86 vs. XOrg, do you?
The worst thing are libraries that are too specific and will be used by only one app, the one the developer wrote the library for. Instead of improving a code base, developers hack their own thing. As soon as the hack created a dependency where other apps depend on it, you're stuck with it. Most of the time, the re-writes lack another thing that the next developer wants, but instead of implementing it.. wait for it.. he'll write the third incarnation of it. Ad nauseam.
Every distro out there is an experiment in what works and what doesn't.
Exactly that's why I can choose the network protocol to reach Slashdot, right? Oh, has to be TCP/IP you say? Where is my choice?!
Next you tell me I have to use HTTP to read comments and can't pick something I want..
It's about choice, right?
Right?
*crickets*
Actually, it's sshd_config.
CD? certainly cheap, and at a guess 50% of computers now have them, but they are BIGGER than what they're replacing.
There are 8cm CDs with over 200MB storage capacity, you know.
Protect Your Windows Network: From Perimeter to Data.
Who in his fucking right mind would put Windows boxes at the edge of his network?! If you must use it, at least use a proper OS for babysitting.
Among the results is this.
:)
Now I know what it's like to use Linux. Thanks.
...and bends over to the next website that wants to run the trojan of the day on your box.
"Microsoft has announced plans to release a javascript client framework library for use with ASP.NET 2.0 that makes AJAX style browser clients easier to code"? Alarm bells are ringing.
When I'm downloading at a full 4Mbit via http, I'm almost completely saturating the 512Kbit upstream.
If it were really 50Mbit downstream, they'd need to give something like 8Mbit up, or at the very least 4.
I call BS. The overhead for ACKs on a pure download is _not that_ high. I ran netstat -bI 1 while downloading a file via HTTP:
376704 9420
323586 9708
378421 9724
377904 9228
First number is bytes down, second is bytes up over the last second. The ratio is roughly 40:1. You must have done something wrong saturating half an Mbit with a 4Mb download.
How does high thermal energy automatically relate to danger due to explosion? You don't see steel melting facilities explode all day, do you? I guess if the containment fails, all you get is some hot goo falling down and maybe a nice burn hole in the ground.
What has become of simple HTTP downloads with relative paths? The whole binary could have been picked up by Coral. But nooooo, it has to be a fancy "download.php" with a parameter "go=yes"?! WTF? Is everyone growing retarded these days?
</rant>
Agreed, a transparent bridge with pf on top is like a piece of Cat5 cable that selectively filters traffic. Very cool.
Unless there's a flaw in the network stack itself[1], the box is not reachable and thus not hackable.
[1] has anyone ever seen a flaw in a network stack[2] that was not just a DoS but could lead to remote compromise?
[2] in real operating systems, not Zone Alarm or similar idiocy.
I use WRAP with NetBSD.
Compact Flash based, 3x Ethernet + MiniPCI slot, drawing ~5W, totally silent. Love it.
PS: that was the link I missed: http://kerneltrap.org/node/477
Joking aside, I remember reading that pf's performance actually increases with stateful filtering vs. stateless filtering because looking up an entry in a state table is much faster than walking the ruleset for each packet. I also read that there is virtually no performance loss even with thousands of states.
Does anyone else remember the warez newbies crying that their off-the-shelf blackbox router crashes if their P2P app opens too many connections? Now you may laugh.
OP is a troll.
You can eliminate 9 of those keys if you'd use the scroll wheel on your mouse to switch weapons
+
You can even go so far as to be able to map your mouse to strafe if you got a tilting scroll wheel.
You try strafing around an enemy and shooting him without accidentally switching weapons. Strafe is _the_ most essential movement in FPS when you play against human opponents.
How is that different from the parent who said gigabits?
One is Gb, the other is Gbps.
Here, the difference in bold: per second
HAND