From: Mikhail Teterin
Organization: Virtual Estates, Inc.
To: Pawel Worach
Cc: freebsd-security@freebsd.org, net@freebsd.org
Date: Tue, 27 Jun 2006 16:10:04 -0400
Subject: Re: fetch http://localhost:6666 hangs

On Tuesday 27 June 2006 15:05, Pawel Worach wrote:
> > I just noticed, that on my recent "6.1-STABLE #4: Thu Jun  8" amd64
> > system attempts to connect to a bogus port (like 6666) hang instead of
> > failing with "Connection refused" immediately, as they do on other systems.
>
> Using sysctl net.inet.tcp.blackhole=1 ?

Yes, that's what it was... Got me thinking, though... Should the blackhole setting apply to localhost (and local IP addresses) at all? It is a security measure -- would be nicer to reduce its impact on legitimate activity...

-mi
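
A small probe for the symptom discussed in this message, added here as an example and not code from the thread: it tells a closed port that answers with a RST ("Connection refused") apart from one where the SYN is silently dropped, which is what net.inet.tcp.blackhole=1 produces. The function names, the 2-second timeout and the explanation strings are assumptions; port 6666 is the bogus port mentioned in the message.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt.

    Returns 'open', 'refused' (a RST came back), 'timeout' (no reply
    within `timeout` seconds) or 'error:<errno>' for anything else.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        # Without a timeout a dropped SYN makes connect() block until the
        # kernel gives up retransmitting, which is the "hang" in the report.
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "timeout"
        except OSError as exc:
            return "error:%s" % exc.errno


def explain(result):
    """Map the probe result for a port with no listener to a likely cause."""
    if result == "refused":
        return "RST received: closed ports are answered normally"
    if result == "timeout":
        return ("no reply: consistent with net.inet.tcp.blackhole=1 "
                "or a packet filter dropping the SYN")
    if result == "open":
        return "something is listening on this port; pick an unused one"
    return "inconclusive: " + result


if __name__ == "__main__":
    # 6666 is the bogus port from the message; assumed to have no listener.
    outcome = probe("127.0.0.1", 6666)
    print("127.0.0.1:6666 ->", outcome, "-", explain(outcome))
```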