From owner-freebsd-security@FreeBSD.ORG Sun Dec 21 12:05:33 2003
Date: Sun, 21 Dec 2003 21:05:19 +0100
From: zk
To: freebsd-security@freebsd.org
Subject: Re: Configuring JAIL to bind on lo0 interface

On Sat, Dec 20, 2003 at 02:42:31AM +0100, GiZmen wrote:
> > As I understood your problem you need an additional alias on lo0 interface
> > for gateway ip purpose. So you have lo0 interface and lo0_alias0
> > 192.168.1.1 as default gateway for jails. And now you create new jails'
> > ip as aliases on lo0 iface.
> >
> > For example:
> >
> > no jail, only gateway - lo0_alias0 192.168.1.1/24
> >
> > jail1 - lo0_alias1 192.168.1.2/24 - hostname jail1.domain.com
> > in this jail set default gateway to 192.168.1.1
> >
> > jail2 - lo0_alias2 192.168.1.3/24 - hostname jail2.domain.com
> > in this jail set default gateway to 192.168.1.1 also
> >
> > Your host machine has to be gateway enabled.
> >
> > Now if you want to switch on internet access from jail1 you only need to
> > add nat rule to translate jail1's ip to the host primary ip.
> >
> > Alesha.
>
> I don't know how it can work? AFAIK in jail I can't change the default
> gateway.
>

Don't set default gateways in jails. You can use something like this

ipfw add divert natd all from any to any via (...)

-- rules to allow nated packets to pass packets from jails.

To allow traffic from outside to your server on private address you can try:
ipfw add fwd from any to in recv
or ipfw divert with another natd process.

It's possible to configure lo1, lo2 ... interfaces with different addresses
(with pseudo-device loop in kernel config file).
I've described FreeBSD 4.x.
zk

From owner-freebsd-security@FreeBSD.ORG Sun Dec 21 23:07:47 2003
Date: Mon, 22 Dec 2003 13:06:07 +0600
From: Dmitry Frolov
To: freebsd-security@freebsd.org
Subject: Re: interface bonding

* Richard Bejtlich [21.12.2003 06:27]:
> I appreciate any hints on creating a virtual interface
> to use for sniffing with ng_one2many. If you can
> help me do that I'll use ng_one2many instead of
> ng_fec. ng_fec doesn't have a man page, which is
> enough for me to avoid it if possible.

:)
There is ng_eiface netgraph node type which is also a virtual ethernet
interface. But it doesn't have manpage too. ;)

wbr&w, dmitry.
--
Dmitry Frolov
RISS-Telecom Network, Novosibirsk, Russia
66415911@ICQ, +7 3832 NO WA1T, DVF-RIPE

From owner-freebsd-security@FreeBSD.ORG Mon Dec 22 10:48:13 2003
Date: Mon, 22 Dec 2003 10:48:12 -0800 (PST)
From: Richard Bejtlich
To: freebsd-security@freebsd.org
Subject: Re: interface bonding

Thanks to Dmitry's tip on ng_eiface, I'm happy to
report using the following configuration to bond
interfaces with ng_one2many and a virtual interface
ngeth0.

sf2 and sf3 are real interfaces connected to my 10/100
tap.
--
kldload ng_ether
kldload ng_one2many
ifconfig sf2 promisc -arp up
ifconfig sf3 promisc -arp up
ngctl mkpeer . eiface hook ether
ngctl mkpeer ngeth0: one2many lower one
ngctl connect sf2: ngeth0:lower lower many0
ngctl connect sf3: ngeth0:lower lower many1
ifconfig ngeth0 -arp up
--

It works:

bourque# tcpdump -n -i ngeth0 icmp
tcpdump: WARNING: ngeth0: no IPv4 address assigned
tcpdump: listening on ngeth0
13:42:49.322474 86.84.6.72 > 216.239.39.99: icmp: echo request
13:42:49.340745 216.239.39.99 > 86.84.6.72: icmp: echo reply

Sincerely,

Richard Bejtlich
http://www.taosecurity.com

From owner-freebsd-security@FreeBSD.ORG Mon Dec 22 10:52:35 2003
Date: Mon, 22 Dec 2003 20:52:31 +0200
From: Vlad Galu
To: freebsd-security@freebsd.org
Subject: Re: interface bonding

Richard Bejtlich writes:
|Thanks to Dmitry's tip on ng_eiface, I'm happy to
|report using the following configuration to bond
|interfaces with ng_one2many and a virtual interface
|ngeth0.
|

Thanks for the tip. I have one question, though. Is the throughput of
the ngeth0 interface equal to the sum of the throughput on each physical
interface? During my tests with ng_fec I noticed that the setup was only
capable of failover; it only transferred frames on one interface. If the
interface went down for some reason, it switched to the other one.

----
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.

From owner-freebsd-security@FreeBSD.ORG Mon Dec 22 12:13:44 2003
Date: Mon, 22 Dec 2003 22:13:41 +0200
From: Ruslan Ermilov
To: Richard Bejtlich
Cc: freebsd-security@freebsd.org
Subject: Re: interface bonding

On Mon, Dec 22, 2003 at 10:48:12AM -0800, Richard Bejtlich wrote:
> Thanks to Dmitry's tip on ng_eiface, I'm happy to
> report using the following configuration to bond
> interfaces with ng_one2many and a virtual interface
> ngeth0.
>
> sf2 and sf3 are real interfaces connected to my 10/100
> tap.
> --
> kldload ng_ether
> kldload ng_one2many
> ifconfig sf2 promisc -arp up
> ifconfig sf3 promisc -arp up
> ngctl mkpeer . eiface hook ether
> ngctl mkpeer ngeth0: one2many lower one
> ngctl connect sf2: ngeth0:lower lower many0
> ngctl connect sf3: ngeth0:lower lower many1
> ifconfig ngeth0 -arp up
> --
>
> It works:
>
You can also try to dispense with ng_ether(4) completely by
attaching the "ether" hook of the eiface node to the one2many's
"one" hook directly.

Cheers,
--
Ruslan Ermilov
FreeBSD committer
ru@FreeBSD.org

From owner-freebsd-security@FreeBSD.ORG Tue Dec 23 19:47:50 2003
From: "Robert Chalmers"
Date: Wed, 24 Dec 2003 13:47:39 +1000

The man page gives this example, however, when I attempt to use it, it
seems to block the whole set?

Could someone tell me what's going wrong here please. Thanks heaps..

This works,
        ${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif}

This blocks the whole IP block, not just the list?
        ${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-19 9,204-254} in via ${oif}

the man page bit...
     list: {num | num-num}[,list]
             Matches all addresses with base address addr (specified as a
             dotted quad or a hostname) and whose last byte is in the list
             between braces { } . Note that there must be no spaces between
             braces and numbers (spaces after commas are allowed). Elements
             of the list can be specified as single entries or ranges. The
             masklen field is used to limit the size of the set of addresses,
             and can have any value between 24 and 32. If not specified, it
             will be assumed as 24.
             This format is particularly useful to handle sparse address sets
             within a single rule. Because the matching occurs using a
             bitmask, it takes constant time and dramatically reduces the
             complexity of rulesets.
             As an example, an address specified as 1.2.3.4/24{128,35-55,89}
             will match the following IP addresses:
             1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 .

Thanks
Robert

From owner-freebsd-security@FreeBSD.ORG Tue Dec 23 20:09:16 2003
From: "Robert Chalmers"
Date: Wed, 24 Dec 2003 14:09:12 +1000
Subject: address specified as 1.2.3.4/24{128,35-55,89} Is this Correct ????

The man page gives this example, however, when I attempt to use it, it
seems to block the whole set?

Could someone tell me what's going wrong here please. Thanks heaps..

This works,
        ${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif}

This blocks the whole IP block, not just the list?
        ${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-19 9,204-254} in via ${oif}

the man page bit...
     list: {num | num-num}[,list]
             Matches all addresses with base address addr (specified as a
             dotted quad or a hostname) and whose last byte is in the list
             between braces { } . Note that there must be no spaces between
             braces and numbers (spaces after commas are allowed). Elements
             of the list can be specified as single entries or ranges. The
             masklen field is used to limit the size of the set of addresses,
             and can have any value between 24 and 32. If not specified, it
             will be assumed as 24.
             This format is particularly useful to handle sparse address sets
             within a single rule. Because the matching occurs using a
             bitmask, it takes constant time and dramatically reduces the
             complexity of rulesets.
             As an example, an address specified as 1.2.3.4/24{128,35-55,89}
             will match the following IP addresses:
             1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 .

Thanks
Robert

From owner-freebsd-security@FreeBSD.ORG Tue Dec 23 22:10:49 2003
From: "Robert Chalmers"
Date: Wed, 24 Dec 2003 16:10:44 +1000
Subject: How do I pass WWW (80) through the firewall on two NICs ?

I'm getting lost ...

Running two NICs - no problem. But trying to screw down the rules a bit
and getting lost on passing the www - or port 80, through the firewall
both ways.

There are WebServers - real and virtual, on the inside interface, with
their own PublicIP. I'm not using the OutsideInterface as their web
address, as I'm using my own DNS etc.

So, in rc.firewall, what do I put in place so that everything can see my
webserver on the inside interface, and also, the workstations on the
inside network can see the internet...

This works fine:
        # Allow access to our WWW
        ${fwcmd} add pass tcp from any to any 80 setup

However, at the end of rc.firewall, I have to have this in place or I
can't get access to the outside world...

        ${fwcmd} add 65000 pass all from any to any
        ;;

I'm getting lost in the trees, and can't see the forest now. Any help
appreciated?

thanks
Robert

---
The Mission of Our Lady of Fatima.
http://www.the-mission-of-our-lady-of-fatima.org
"I come from Heaven. I am the Lady of The Rosary"

From owner-freebsd-security@FreeBSD.ORG Tue Dec 23 22:24:57 2003
Date: Tue, 23 Dec 2003 22:24:11 -0800
From: hugle
To: Robert Chalmers, security
Subject: Re: address specified as 1.2.3.4/24{128,35-55,89} Is this Correct ????

RC> The man page gives this example, however, when I attempt to use it, it seems
RC> to block the whole set?

RC> Could someone tell me what's going wrong here please. Thanks heaps..

RC> This works,
RC>         ${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif}

RC> This blocks the whole IP block, not just the list?
RC>         ${fwcmd} add deny log all from any to
RC> 203.1.96.0/24{2,6-25,27-154,156-19 9,204-254} in via ${oif}

maybe "156-19 9" ?
You have a space ( " " ) in here, so try out:
${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-199,204-254} in via ${oif}

RC> the man page bit...
RC>      list: {num | num-num}[,list]
RC>              Matches all addresses with base address addr (specified as a
RC>              dotted quad or a hostname) and whose last byte is in the list
RC>              between braces { } . Note that there must be no spaces between
RC>              braces and numbers (spaces after commas are allowed). Elements
RC>              of the list can be specified as single entries or ranges.
RC>              The masklen field is used to limit the size of the set of
RC>              addresses, and can have any value between 24 and 32. If not
RC>              specified, it will be assumed as 24.
RC>              This format is particularly useful to handle sparse address
RC>              sets within a single rule. Because the matching occurs using a
RC>              bitmask, it takes constant time and dramatically reduces the
RC>              complexity of rulesets.
RC>              As an example, an address specified as 1.2.3.4/24{128,35-55,89}
RC>              will match the following IP addresses:
RC>              1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 .

RC> Thanks
RC> Robert

From owner-freebsd-security@FreeBSD.ORG Wed Dec 24 01:00:54 2003
From: "Robert Chalmers"
To: "security"
Date: Wed, 24 Dec 2003 16:38:09 +1000
Subject: Re: address specified as 1.2.3.4/24{128,35-55,89} Is this Correct????

Hi,
sorry, that must have been just word wrap
203.1.96.0/24{6-25,27-154,156-199,204-254} in via ${oif}
It is actually one line, no spaces or gaps.

${fwcmd} add deny log all from any to 203.1.96.0/24{6-25,27-154,156-199,204-254} in via ${oif}

this command kills the whole thing ? strange.

Robert

From owner-freebsd-security@FreeBSD.ORG Fri Dec 26 13:44:33 2003
From: "James Bond"
To: freebsd-security@freebsd.org
Date: Fri, 26 Dec 2003 21:44:32 +0000
Subject: freebsd kernel hardening tools

Hi,
Is there any automated tool like Bastille Linux for freebsd to harden the
system security?

Thanks
jerry

From owner-freebsd-security@FreeBSD.ORG Fri Dec 26 16:18:43 2003
Date: Sat, 27 Dec 2003 01:21:21 +0100
From: Socketd
To: freebsd-security@freebsd.org
Subject: Re: freebsd kernel hardening tools

On Fri, 26 Dec 2003 21:44:32 +0000
"James Bond" wrote:

> Hi,
> Is there any automated tool like Bastille Linux for freebsd to harden
> the system security?

I'm working on it. It will be ready some time after the 5.2-Release.

br
socketd

From owner-freebsd-security@FreeBSD.ORG Sat Dec 27 03:55:58 2003
Date: Sat, 27 Dec 2003 12:55:51 +0100
From: zk
To: freebsd-security@freebsd.org
Subject: Re: address specified as 1.2.3.4/24{128,35-55,89} Is this Correct ????

On Wed, Dec 24, 2003 at 02:09:12PM +1000, Robert Chalmers wrote:
> The man page gives this example, however, when I attempt to use it, it seems
> to block the whole set?
>
> Could someone tell me what's going wrong here please. Thanks heaps..
>
> This works,
> ${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif}
>
> This blocks the whole IP block, not just the list?
> ${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-199,204-254} in via ${oif}
>

Do you use ipfw2? It's not default on FreeBSD 4.x systems.
And maybe you should quote {}

${fwcmd} add deny log all from any to '203.1.96.0/24{2,6-25,27-154,156-199,204-254}' (...)

zk

From owner-freebsd-security@FreeBSD.ORG Sat Dec 27 14:38:51 2003
Message-ID: <001c01c3ccca$302977f0$1a6001cb@chalmers.com.au>
From: "Robert Chalmers"
References: <004301c3c9d3$b0219860$1a6001cb@chalmers.com.au> <20031227115551.GB604@hhos.serious.ld>
Date: Sun, 28 Dec 2003 08:38:45 +1000
Organization: The Mission of Our Lady of Fatima
Subject: Re: address specified as 1.2.3.4/24{128,35-55,89} Is this Correct????

Hi,
Thanks. I was only running ipfw, not ipfw2. Put ipfw2 in place and all
problems solved.

cheers
Robert

----- Original Message -----
From: zk
To: freebsd-security@freebsd.org
Sent: Saturday, December 27, 2003 9:55 PM
Subject: Re: address specified as 1.2.3.4/24{128,35-55,89} Is this Correct????

On Wed, Dec 24, 2003 at 02:09:12PM +1000, Robert Chalmers wrote:
> The man page gives this example, however, when I attempt to use it, it seems
> to block the whole set?
>
> Could someone tell me what's going wrong here please. Thanks heaps..
>
> This works,
> ${fwcmd} add deny log all from any to 203.1.96.1 in via ${oif}
>
> This blocks the whole IP block, not just the list?
> ${fwcmd} add deny log all from any to 203.1.96.0/24{2,6-25,27-154,156-199,204-254} in via ${oif}
>

Do you use ipfw2? It's not default on FreeBSD 4.x systems.
And maybe you should quote {}

${fwcmd} add deny log all from any to '203.1.96.0/24{2,6-25,27-154,156-199,204-254}' (...)
zk

From owner-freebsd-security@FreeBSD.ORG Sat Dec 27 20:56:11 2003
Message-Id: <6.0.0.22.2.20031227130657.03825808@localhost>
Date: Sat, 27 Dec 2003 13:07:30 -0700
To: security@freebsd.org
From: Brett Glass
Subject: Heads up: Does this affect FreeBSD's tcpdump?

Subject: user/3610: repetable tcpdump remote crash
Resent-Date: Sat, 20 Dec 2003 08:55:02 -0700 (MST)
Resent-From: gnats@cvs.openbsd.org (GNATS Filer)
Resent-To: bugs@cvs.openbsd.org
Date: Sat, 20 Dec 2003 16:42:25 +0100 (CET)
From: venglin@freebsd.lublin.pl
Reply-To: venglin@freebsd.lublin.pl
To: gnats@openbsd.org

>Number: 3610
>Category: user
>Synopsis: repetable tcpdump remote crash
>Confidential: yes
>Severity: critical
>Priority: high
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Dec 20 15:50:02 GMT 2003
>Closed-Date:
>Last-Modified:
>Originator: Przemyslaw Frasunek
>Release: 3.3-RELEASE
>Organization: net
>Environment:
	System : OpenBSD 3.3
	Architecture: OpenBSD.i386
	Machine : i386
>Description:
	Sending a packet containing 0xff,0x02 bytes to port 1701/udp causes
	an L2TP protocol parser in tcpdump to enter an infinite loop, eating
	all available memory and then segfaulting. This bug also affects
	tcpdump in -CURRENT.
>How-To-Repeat:
	tcpdump -i lo0 -n udp and dst port 1701 &
	perl -e 'print "\xff\x02"' | nc -u localhost 1701
>Fix:
	Unknown, recent versions of tcpdump are immune to this problem.
>Release-Note:
>Audit-Trail:
>Unformatted:
`

From owner-freebsd-security@FreeBSD.ORG Sat Dec 27 21:14:54 2003
Message-Id: <5.0.2.1.1.20031228051302.01cd1a90@popserver.sfu.ca>
Date: Sun, 28 Dec 2003 05:14:43 +0000
To: Brett Glass, security@freebsd.org
From: Colin Percival
In-Reply-To: <6.0.0.22.2.20031227130657.03825808@localhost>
Subject: Re: Heads up: Does this affect FreeBSD's tcpdump?

At 13:07 27/12/2003 -0700, Brett Glass wrote:
>Subject: user/3610: repetable tcpdump remote crash
>Date: Sat, 20 Dec 2003 16:42:25 +0100 (CET)
>From: venglin@freebsd.lublin.pl
>Reply-To: venglin@freebsd.lublin.pl
>To: gnats@openbsd.org

I'm not sure, but I think this was fixed in tcpdump 3.7.1, which was
imported (and MFCed) 18 months ago.

Colin Percival
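
Added example, not part of the thread and not tcpdump's code: a length-checked L2TPv2 parse in C that rejects the two-byte datagram from the report above and cannot spin on a zero-length AVP. The field layout follows RFC 2661; the function name, error codes and sample packets are constructed for this illustration, and the report does not say which check tcpdump was missing.

```c
#include <stddef.h>
#include <stdint.h>

enum { L2TP_TRUNCATED = -1, L2TP_BAD_VERSION = -2, L2TP_BAD_AVP = -3 };
/* Constructed samples: the two bytes from the report, and a control message
 * (T, L, S set; length 20) carrying one 8-byte Message Type AVP. */
static const uint8_t report_pkt[] = { 0xff, 0x02 };
static const uint8_t ctrl_pkt[] = { 0xc8, 0x02, 0x00, 0x14, 0, 0, 0, 0, 0, 0, 0, 0,
                                    0x80, 0x08, 0, 0, 0, 0, 0x00, 0x01 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Returns the AVP count of a control message, 0 for a data message,
 * or a negative error. Every read is preceded by a bounds check. */
int l2tp_count_avps(const uint8_t *buf, size_t len)
{
    size_t off = 2, end = len;
    if (len < 2) return L2TP_TRUNCATED;
    uint16_t flags = rd16(buf);
    if ((flags & 0x000f) != 2) return L2TP_BAD_VERSION;
    if (flags & 0x4000) {                       /* L: Length field present */
        if (len - off < 2) return L2TP_TRUNCATED;
        end = rd16(buf + off);                  /* claimed total length */
        off += 2;
        if (end > len || end < off) return L2TP_TRUNCATED;
    }
    size_t need = (flags & 0x0800) ? 8 : 4;     /* Tunnel+Session IDs, Ns+Nr if S */
    if (end - off < need) return L2TP_TRUNCATED;
    off += need;
    if (flags & 0x0200) {                       /* O: Offset Size plus padding */
        if (end - off < 2) return L2TP_TRUNCATED;
        size_t pad = rd16(buf + off);
        off += 2;
        if (end - off < pad) return L2TP_TRUNCATED;
        off += pad;
    }
    if (!(flags & 0x8000)) return 0;            /* T clear: data message */
    int count = 0;
    while (off < end) {
        if (end - off < 6) return L2TP_BAD_AVP; /* AVP header is 6 bytes */
        size_t alen = rd16(buf + off) & 0x03ff; /* low 10 bits: AVP length */
        if (alen < 6 || alen > end - off) return L2TP_BAD_AVP;
        off += alen;                            /* alen >= 6: always advances */
        count++;
    }
    return count;
}

int main(void) { return l2tp_count_avps(report_pkt, 2) != L2TP_TRUNCATED ||
                        l2tp_count_avps(ctrl_pkt, sizeof ctrl_pkt) != 1; }
```

The two properties that matter for a dissector fed untrusted packets are that no field is read before its bytes are known to exist, and that the AVP loop's step is bounded below so it terminates.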