From owner-freebsd-security@FreeBSD.ORG Tue Dec 21 23:39:56 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CA8E21065670 for ; Tue, 21 Dec 2010 23:39:56 +0000 (UTC) (envelope-from michael.scheidell@secnap.com) Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [204.89.241.253]) by mx1.freebsd.org (Postfix) with ESMTP id 92F278FC08 for ; Tue, 21 Dec 2010 23:39:56 +0000 (UTC) Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [10.70.1.253]) by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id A260B2B7C5E for ; Tue, 21 Dec 2010 18:39:55 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secnap.com; h= content-transfer-encoding:content-type:content-type:in-reply-to :references:subject:subject:mime-version:user-agent:from:from :date:date:message-id; s=dkim; t=1292974794; x=1294789194; bh=+b oAjuodLHlj20eWfCKkLdvPdj0ZRGnOtsO8qPIxYf8=; b=G4qM/yBVNOfQJ/UvOR jR+B/HKXm1FZrC6v6CRJLrFxjzIzbQ3nMMEWql7GKbCeuIZmxlJKc8QMDkdEB5LU JsRKptn/cl7Dh7kmxnGUp1wno2dr0c/l+5i2gajrG8twn2982+lknuMBe/c8KNQp xpKqgshKYz1SSf0X1q32R66hk= X-Amavis-Modified: Mail body modified (using disclaimer) - mx1.secnap.com.ionspam.net X-Virus-Scanned: SpammerTrap(r) VPS-1500 2.13 at mx1.secnap.com.ionspam.net Received: from USBCTDC001.secnap.com (usbctdc001.secnap.com [10.70.1.1]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mx1.secnap.com.ionspam.net (Postfix) with ESMTPS id EE6622B7C5D for ; Tue, 21 Dec 2010 18:39:54 -0500 (EST) Received: from macintosh.secnap.com (10.70.3.3) by USBCTDC001.secnap.com (10.70.1.1) with Microsoft SMTP Server (TLS) id 14.0.702.0; Tue, 21 Dec 2010 18:39:54 -0500 Message-ID: <4D113ACA.5050104@secnap.com> Date: Tue, 21 Dec 2010 18:39:54 -0500 From: Michael Scheidell User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: References: <4D03A13F.7070204@secnap.com> In-Reply-To: <4D03A13F.7070204@secnap.com> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: packet capture and if_bridge ignore bpf rules X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Dec 2010 23:39:56 -0000 On 12/11/10 11:05 AM, Michael Scheidell wrote: > I am just not working on tracking this down, and sometimes like to use > tcpdump/tshark to watch specific packets on a host to look for > 'interesting' things. > I think I have seen this since 6.x I don't remember it on 5.x, but > 5.x used 'bridge' and 6.x and 7.x are using if_bridge. > > system is 7.3, amd64. tried this on 6.x amd64, and i386. same results. > googled a lot and didn't see anything I could use. > im an idiot. its vlan trunked traffic, for tagged vlan packets. on the systems that don't look like they work: (tshark|tcpdump) -niem0 vlan and net 204.89.241.0/24 works just fine. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 ______________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ ______________________________________________________________________ From owner-freebsd-security@FreeBSD.ORG Fri Dec 24 20:43:37 2010 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EE171106566C for ; Fri, 24 Dec 2010 20:43:37 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx23.fluidhosting.com [204.14.89.6]) by mx1.freebsd.org (Postfix) with ESMTP id 7E6F18FC0C for ; Fri, 24 Dec 2010 20:43:37 +0000 (UTC) Received: (qmail 26998 invoked by uid 399); 24 Dec 2010 20:16:55 -0000 Received: from localhost (HELO doug-optiplex.ka9q.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTPAM; 24 Dec 2010 20:16:55 -0000 X-Originating-IP: 127.0.0.1 X-Sender: dougb@dougbarton.us Message-ID: <4D14FFB6.8090802@FreeBSD.org> Date: Fri, 24 Dec 2010 12:16:54 -0800 From: Doug Barton Organization: http://SupersetSolutions.com/ User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.2.13) Gecko/20101210 Thunderbird/3.1.7 MIME-Version: 1.0 To: freebsd-doc@FreeBSD.org X-Enigmail-Version: 1.1.2 OpenPGP: id=1A1ABC84 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@FreeBSD.org Subject: Intermediate doc hacker project: Document security releases on the web site X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Dec 2010 20:43:38 -0000 Currently (unless I'm really missing something) there is no listing of security release on the web site. The closest we get is looking up src/UPDATING for the release branch in svn (e.g., http://svn.freebsd.org/viewvc/base/releng/7.3/UPDATING?revision=216063&view=markup). So I'm suggesting that if someone is interested in an "intermediate" level project that fixing this would be welcome. :) Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ From owner-freebsd-security@FreeBSD.ORG Sat Dec 25 14:58:06 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D6571106566B for ; Sat, 25 Dec 2010 14:58:06 +0000 (UTC) (envelope-from fabian@wenks.ch) Received: from batman.home4u.ch (batman.home4u.ch [IPv6:2001:8a8:1005:1::2]) by mx1.freebsd.org (Postfix) with ESMTP id 6EC118FC0A for ; Sat, 25 Dec 2010 14:58:05 +0000 (UTC) X-Virus-Scanned: amavisd-new at home4u.ch Received: from flashback.wenks.ch (flashback.wenks.ch [62.12.173.4]) (authenticated bits=0) by batman.home4u.ch (8.14.3/8.14.3) with ESMTP id oBPEvuCB061695 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO) for ; Sat, 25 Dec 2010 15:58:04 +0100 (CET) (envelope-from fabian@wenks.ch) Message-ID: <4D16066F.4020809@wenks.ch> Date: Sat, 25 Dec 2010 15:57:51 +0100 From: Fabian Wenk User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <4D14FFB6.8090802@FreeBSD.org> In-Reply-To: <4D14FFB6.8090802@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Intermediate doc hacker project: Document security releases on the web site X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Dec 2010 14:58:06 -0000 Hello Doug On 24.12.10 21:16, Doug Barton wrote: > Currently (unless I'm really missing something) there is no listing of > security release on the web site. The closest we get is looking up What about the Security Advisories at [1]? It is linked from the main page. [1] http://www2.ch.freebsd.org/security/advisories.html bye Fabian