From: "Liran Dahan"
Delivered-To: freebsd-security@freebsd.org
Subject: Re: Syn+Fin (Setup) And TCP RST
Date: Wed, 30 May 2001 15:49:02 +0200

About paranoid hosts.allow, you're right :) But my DNS Server never timed out on me :P (I run my own DNS Server)

----- Original Message -----
From: "Giorgos Keramidas"
To: "Liran Dahan"
Sent: Wednesday, May 30, 2001 12:52 PM
Subject: Re: Syn+Fin (Setup) And TCP RST

> On Wed, May 30, 2001 at 01:28:30AM +0200, Liran Dahan wrote:
> > I checked the rules order, it's OK... But something strange..
> > I've added a rule like: ipfw add 1 reset tcp from any to any 100-200, and I
> > have a daemon running on port 110. I telnetted it and I got connection refused
> > after 2 secs (even when I have TCP_RESTRICT_RST enabled - via sysctl and
> > kernel). But when I telnetted the other ports (that aren't running daemons -
> > closed ports), it took about 30 seconds till I got connection refused - or
> > it was connection timeout (I did it from Windows telnet).
>
> Why do I have the strange feeling that you have PARANOID enabled in your
> hosts.allow for telnet connections and some DNS server times out on you?
>
> --giorgos
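
The symptom discussed in this thread is a timing one: a quick "connection refused" means an RST came back, while a long wait means nothing came back at all. The following is an added example, not part of the original messages, that measures exactly that for a single TCP connect; the function names and the loopback sample ports are assumptions constructed for the demonstration.

```python
import socket
import time


def classify_connect(host, port, timeout=5.0):
    """Make one TCP connect attempt and return (outcome, seconds).

    'open'    - handshake completed, something is listening
    'refused' - an RST came back (from the stack, or a rule like ipfw 'reset')
    'timeout' - nothing came back: SYN dropped or RSTs suppressed
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        outcome = "open"
    except ConnectionRefusedError:
        outcome = "refused"
    except socket.timeout:
        outcome = "timeout"
    finally:
        sock.close()
    return outcome, time.monotonic() - start


def loopback_demo():
    """Constructed sample: one listening and one closed port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # kernel picks a free port
    listener.listen(1)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                            # released, so nothing listens here
    try:
        return {
            "listening": classify_connect("127.0.0.1", listener.getsockname()[1]),
            "closed": classify_connect("127.0.0.1", closed_port),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    for name, (outcome, secs) in loopback_demo().items():
        print(f"{name:10s} {outcome:8s} {secs:.3f}s")
```

Pointed at the firewalled host's own ports from a second machine, the elapsed time per port can be compared directly with the 2-second and 30-second figures reported in the message.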