From owner-freebsd-security  Thu Oct 29 08:42:47 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA14275
          for freebsd-security-outgoing; Thu, 29 Oct 1998 08:42:47 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from carp.gbr.epa.gov (carp.gbr.epa.gov [204.46.159.110])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA14268
          for <freebsd-security@freebsd.org>; Thu, 29 Oct 1998 08:42:45 -0800 (PST)
          (envelope-from mjenkins@carp.gbr.epa.gov)
Received: (from mjenkins@localhost)
	by carp.gbr.epa.gov (8.8.8/8.8.8) id KAA12888;
	Thu, 29 Oct 1998 10:42:39 -0600 (CST)
	(envelope-from mjenkins)
Date: Thu, 29 Oct 1998 10:42:39 -0600 (CST)
From: Mike Jenkins <mjenkins@carp.gbr.epa.gov>
Message-Id: <199810291642.KAA12888@carp.gbr.epa.gov>
To: wjv@cityip.co.za
Subject: Re: Connections succeed even though denied by IPFW
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <19981029143547.A15193@cityip.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Date: Thu, 29 Oct 1998 14:35:47 +0200
> From: Johann Visagie <wjv@cityip.co.za>
>
> Problem solved.  It was all due to a gross misconfiguration of IPFW rules by
> yours truly.  Worse, this situation has persisted for some months - time to
> do a thorough security audit on the box in question.  :-(

Brings back memories of the classic packet filtering paper by Brent
Chapman entitled "Network (In)Security Through IP Packet Filtering".
Things have improved with packet filters but it can still be difficult
to get it right.  Of course, you might run a scanner (nmap) to see if
your rules are working.

Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message