No. I want rate limiting (or blocking) only for unsuccessful login tries, not for successful logins. That cannot be done with a firewall, since the firewall doesn't know about login success or not.
I beg to differ. You want to limit the number of times you can connect per second on a per IP basis. Even if they're a legitimate user, if someone initiates too many connections per second you'll want to limit that.
I'm no MS fanboy by any means, but I am a businessman and an entrepreneur, and I don't see the problem. If you don't like their policies, don't buy their products. If you want a better deal, consider the expectations that come with any agreement or contract to secure that pricing.
So... if I don't like MicroSoft I shouldn't buy a pc?
A lot of people/companies asked the OpenSSH group to include the ability to include rate limiting due to large SSH user/dictionary attacks being run by script kiddies. One person even WROTE it for them. I believe the OpenSSH group's response was "Not an ssh problem."
It's not an ssh problem. Connection rate limiting is something you really want to do with a firewalling solution.
The pope is telling people to engage in dialogue with people of different cultures and religions? The same pope that blamed atheists for global warming and "the greatest forms of cruelty and violations of justice" known to mankind?
That pope?
Which makes this kind of hard to explain, doesn't it?
No. The author himself has every right to change the license.
You sound as if you think the bible/quran/tnch are peaceful books. I suggest you read them, they're full of rape, pillaging, infanticide, genocide, etc.
The godhatesfags for instance people are hatemongers, but they're only following the bible to the letter (yes, I'm aware that they too interpret what they read).
They should have thought of all that /before/ they published their product.
Vi asian girlfriend just stands there looking pretty, but if you thought you were going to get anything done, you're sadly mistaken. It'll take you a week to figure out how to get that dress off...
:%s/clothes//g
You're absolutely right, I forgot os fingerprinting is a tcp syn only thing.
FreeBSD uses pf (well, it can use pf if you want to) as a packet filter. It has the wonderful option to filter traffic according to the OS fingerprint, as in you can block traffic originating from specific operating systems. I'd advise this guy to block all traffic from these dlink devices.
If there's no fingerprint on record yet you could generate it yourself, it's not that difficult to generate one.
I shouldn't post when I'm half asleep :\
FYI [url=http://marc.theaimsgroup.com/?l=openbsd-misc&m=110367779309205&w=2]here's the post to misc@ we were talking about[/url] (the one about the ssh patch).
As you may see Ingo uses pfctl, a tool you can use to control pf, the OpenBSD packet filter. If this patch is committed as is, one of the problems will be that it only works on OpenBSD. Adding support for every other conceivable OS's packet filter is not really an option, your sshd may run on a totally different arch than the ssh daemon, so how should sshd know what to do? Please don't say configuration file options.
One way to solve it would be to add connection rate tracking capabilities to sshd itself, introducing a level of complexity normally only found when creating sound firewalling rulesets.
Another way would be to parse a logfile of your choice for violations of your choice and feed the resulting IPs to the firewalling ruleset of your choice. Requires a little script (that could be provided by whoever provides you with an operating system) and less configuration than the previous option.
Personally I understand why the OpenSSH team chose not to add this feature. When I said shouldn't in my previous post I was more thinking along the lines of "please save yourself the trouble" or "think of the children" ;).
Compare them? I just hope he'll sign mine
I love ponies. Do you love ponies too?
Ahhh.
You're cute, so I baked you a pony!
Next time you're in Europe I'm buying you a beer.
I don't think there are any robots that implement the three laws, if I'm wrong please correct me.
Go stand around any industrial robot arm, turn off all safeties and then let the arm do what it normally does. Now move into its path.
That's not a law but an assumption.
You're a loony
[i]The Bible, thus far, has proven completely compatible with all modern science as we know it.[/i]
I bet they told you that in church, right?
If the reason the US got involved in WWII was their hatred of fascism, why did they wait until after the attack on Pearl Harbor? Surely the annexation of Austria or the invasion of Poland would have been enough reason.
And as for the current US government being able to recognize the smell of fascism, they should. It's really hard to wash that smell away.
Changes in the environment cause 'evolution'. If the changes are gradual, species will have longer to adapt. If the changes are sudden, then affected species have to adapt rapidly or become extinct.
calling it a rootkit is an exaggeration
No, it's not.
Mod parent up as insightful please.
I have installed OpenBSD on more 486s and p90s than I can remember, perfect as a firewall for securing your home network.
I admire your courage, welcome to slashdot.
It's going to set fire to houses and KILL PEOPLE!!
You mean like this?