From owner-freebsd-security Wed Nov 4 08:12:05 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA16839 for freebsd-security-outgoing; Wed, 4 Nov 1998 08:12:05 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rucus.ru.ac.za (rucus.ru.ac.za [146.231.29.2]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id IAA16677 for ; Wed, 4 Nov 1998 08:11:46 -0800 (PST) (envelope-from nbm@rucus.ru.ac.za)
Received: (qmail 5101 invoked by uid 1003); 4 Nov 1998 16:11:22 -0000
Message-ID: <19981104181121.A4160@rucus.ru.ac.za>
Date: Wed, 4 Nov 1998 18:11:21 +0200
From: Neil Blakey-Milner
To: Open Systems Networking , freebsd-security@FreeBSD.ORG
Subject: Re: Amazing wonder packet sneaks by deny all rule?
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: ; from Open Systems Networking on Wed, Nov 04, 1998 at 08:28:08AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed 1998-11-04 (08:28), Open Systems Networking wrote:
> It's really late/early this morning and I was just checking the rule set
> on a client's machine I just built. When I saw this:
>
> 65534 195 14104 deny log ip from any to any
> 65535 1 76 deny ip from any to any
>
> Now maybe it's my lack of sleep but how did that amazing wonder packet
> on rule 65535 sneak by 65534 :-) A fluke? A 1 in a million chance?

I think the packet is likely to have arrived after firewalling kicked in,
and before you added your 65534 rule.

Neil
-- 
Neil Blakey-Milner
nbm@rucus.ru.ac.za

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
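Added example, not part of the original message and not ipfw code: a toy Python model of first-match rule evaluation with per-rule counters, replaying the ordering described in the reply above. The `Ruleset` class and `replay` helper are hypothetical names, and the packet sizes are constructed so the totals match the quoted listing.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    number: int
    body: str
    packets: int = 0
    nbytes: int = 0


class Ruleset:
    def __init__(self):
        # The default rule 65535 exists as soon as the firewall is active
        # (deny, as in the quoted listing).
        self.rules = [Rule(65535, "deny ip from any to any")]

    def add(self, number, body):
        self.rules.append(Rule(number, body))
        self.rules.sort(key=lambda r: r.number)

    def process(self, size):
        # Rules are checked in ascending number order. Both rules in this
        # model are "ip from any to any", so the lowest-numbered rule present
        # when the packet arrives matches and takes the count.
        rule = self.rules[0]
        rule.packets += 1
        rule.nbytes += size
        return rule.number


def replay(events):
    """Apply ('add', number, body) and ('packet', size) events in order."""
    rs = Ruleset()
    for ev in events:
        if ev[0] == "add":
            rs.add(ev[1], ev[2])
        else:
            rs.process(ev[1])
    return {r.number: (r.packets, r.nbytes) for r in rs.rules}


# Constructed traffic: one 76-byte packet, then 195 packets totalling 14104 bytes.
EARLY = [("packet", 76)]
ADD_RULE = [("add", 65534, "deny log ip from any to any")]
LATER = [("packet", 72)] * 194 + [("packet", 136)]

if __name__ == "__main__":
    for number, (pkts, size) in replay(EARLY + ADD_RULE + LATER).items():
        print(number, pkts, size)
```

Swapping the order to `ADD_RULE + EARLY + LATER` leaves rule 65535 at zero, which is the state the original poster expected to see.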