From owner-freebsd-questions Sun May 17 12:02:10 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA00489 for freebsd-questions-outgoing; Sun, 17 May 1998 12:02:10 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from ftp1.mfn.org (ftp1.mfn.org [204.238.179.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA00379 for ; Sun, 17 May 1998 12:01:47 -0700 (PDT) (envelope-from root@ftp1.mfn.org)
Received: (from root@localhost) by ftp1.mfn.org (8.8.7/8.8.7) id OAA07502 for freebsd-questions@freebsd.org; Sun, 17 May 1998 14:00:49 -0500 (CDT) (envelope-from root)
Date: Sun, 17 May 1998 14:00:49 -0500 (CDT)
From: Charlie Root
Message-Id: <199805171900.OAA07502@ftp1.mfn.org>
To: freebsd-questions@FreeBSD.ORG
Subject: Possible bug in IPFW
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

As everyone on this list knows, we've been playing with IPFW pretty intensely over the last couple of days. Having finalized our rule sets, we went about a stress-test (sans appreciable load) yesterday. Here is the basic outline:

(1) Rulesets. Allow this, that, blah, blah, blah...

(2) Final rule:

    65500 deny log all from any to any

So we bring up the filter machine, and start attacking it:

(3) First (and last, it turns out), we scan it twice, first on port 1080, and second on port 23 (don't ask why these ports, it's a long story). The scan consists of attempting to establish connections (i.e., *not* a "stealth" scanner) at each address of our IP blocks.

About halfway through the "23 series" of scans (which would make it about 750 connections attempted), it ceased logging (forever!) with the following message:

    May 17 00:39:21 attackme /kernel: ipfw: 65500 Deny TCP x.x.x.x:1065 me.me.me.me:23 in via de3

I have checked for disk space, which AFAIK has never exceeded 50% usage on any slice, and sure enough, the top user of space was at a mere 45%. /var is at 3%.

Except for the fact that it is no longer logging, it appears to be OK: cron is running and doing its thing, it succeeded in backing itself up last night, and it still appears to be filtering, although *without* logging bad packets.

Should I be forwarding this to the bugs list, or have I missed something very basic here?

TIA

J.A. Terranson
sysadmin@mfn.org

A small fading light in a vast and obscure universe.
SUPPORT YOUR RIGHT TO PRIVACY: ENCRYPT!
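
A check that fits the symptom described above, added here as an example and not part of the original post: it counts logged entries per ipfw rule number and compares each rule's last entry with the end of the log. The function names and the sample lines are hypothetical, constructed from the log line quoted in the message.

```shell
#!/bin/sh
# Constructed sample, modeled on the log line quoted in the post
# (addresses are documentation ranges; the non-ipfw lines stand in for
# other daemons that kept logging after ipfw went quiet).
sample_log() {
cat <<'EOF'
May 17 00:31:02 attackme /kernel: ipfw: 65500 Deny TCP 192.0.2.10:1061 198.51.100.1:1080 in via de3
May 17 00:33:15 attackme /kernel: ipfw: 400 Deny UDP 192.0.2.77:137 198.51.100.1:137 in via de3
May 17 00:35:40 attackme /kernel: ipfw: 65500 Deny TCP 192.0.2.10:1063 198.51.100.2:23 in via de3
May 17 00:39:21 attackme /kernel: ipfw: 65500 Deny TCP 192.0.2.10:1065 198.51.100.3:23 in via de3
May 17 01:00:00 attackme cron[412]: (root) CMD (/usr/libexec/atrun)
May 17 02:00:00 attackme cron[498]: (root) CMD (newsyslog)
EOF
}

# Read syslog lines on stdin. Print, per ipfw rule number, how many entries
# were logged and the first/last timestamp, then the timestamp of the final
# line of any kind, so a gap between "last" and "log_end" stands out.
ipfw_log_summary() {
  awk '
    NF < 3 { next }                          # skip blank or truncated lines
    { log_end = $1 " " $2 " " $3 }           # timestamp of the current line
    {
      # find the "ipfw:" tag; the rule number is the field after it
      for (i = 1; i < NF; i++) if ($i == "ipfw:") break
      if (i >= NF) next
      rule = $(i + 1)
      if (rule !~ /^[0-9]+$/) next
      if (!(rule in count)) { first[rule] = log_end; order[++n] = rule }
      count[rule]++
      last[rule] = log_end
    }
    END {
      for (k = 1; k <= n; k++) {
        r = order[k]
        printf "rule=%s count=%d first=\"%s\" last=\"%s\"\n", r, count[r], first[r], last[r]
      }
      printf "log_end=\"%s\"\n", log_end
    }'
}

sample_log | ipfw_log_summary
```

To use it on a real host, feed the syslog file that receives kernel messages to `ipfw_log_summary` on stdin. A rule whose `last` time is well before `log_end`, together with its `count`, shows at what point logging for that rule stopped while other entries kept arriving.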