From owner-freebsd-questions  Tue Jun 20 19:19:54 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from nhj.nlc.net.au (nhj.nlc.net.au [203.24.133.1])
	by hub.freebsd.org (Postfix) with SMTP id A478C37B67F
	for <freebsd-questions@FreeBSD.ORG>; Tue, 20 Jun 2000 19:19:49 -0700 (PDT)
	(envelope-from john@nlc.net.au)
Received: (qmail 2751 invoked from network); 21 Jun 2000 12:19:42 +1000
Received: from nhj.nlc.net.au (HELO vecomm3) (203.24.133.1)
  by nhj.nlc.net.au with SMTP; 21 Jun 2000 12:19:42 +1000
Message-ID: <00c601bfdb27$2af63810$4ab511cb@vecommerce.com.au>
From: "John Saunders" <john@nlc.net.au>
To: "FreeBSD questions" <freebsd-questions@FreeBSD.ORG>
Subject: user mode ppp alive filters
Date: Wed, 21 Jun 2000 12:19:44 +1000
Organization: NORTHLINK COMMUNICATIONS PTY LTD
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi all,

I have a question regarding the alive filters in user mode ppp.

I currently prevent DNS, RWHO, ICMP, and SMB broadcasts from keeping
the link up. However since yesterday somebody is probing me on the
Back Orriface port (1235) every 5 minutes and this is keeping my
link alive.

So what I would like is the filter rules required to prevent refused
connections from keeping the link up. Interestingly I'm not seeing
my box generate ICMP port unreachable packets with tcpdump. I'm running
ppp with the -nat option if that makes a difference.

This is what tcpdump is showing me.

12:11:15.043265 209.185.128.147.1863 > x.x.x.x.1235: P 3022740420:30227404
21(1) ack 3464214 win 64240 (DF)
12:11:15.160661 x.x.x.x.1235 > 209.185.128.147.1863: . ack 1 win 7853 (DF)
12:11:15.160791 x.x.x.x.1235 > 209.185.128.147.1863: . ack 1 win 7853 (DF)

Now to send a few shots over their bow to let them know that I know :)

Thanks.
--            +------------------------------------------------------------+
        .     | John Saunders  - mailto:john@nlc.net.au            (EMail) |
    ,--_|\    |                - http://www.nlc.net.au/              (WWW) |
   /  Oz  \   |                - 1800-445-100 or 0418-223-814      (Phone) |
   \_,--\_/   | NORTHLINK COMMUNICATIONS P/L - Supplying a professional,   |
         v    | and above all friendly, internet connection service.       |
              +------------------------------------------------------------+




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message