Date:      Wed, 4 Nov 1998 11:23:52 -0600
From:      Alex Nash <nash@mcs.net>
To:        Open Systems Networking <opsys@mail.webspan.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: Amazing wonder packet sneaks by deny all rule?
Message-ID:  <19981104112352.B4776@mcs.net>
In-Reply-To: <Pine.BSF.4.02.9811040815360.4966-100000@orion.webspan.net>; from Open Systems Networking on Wed, Nov 04, 1998 at 08:28:08AM -0500
References:  <Pine.BSF.4.02.9811040815360.4966-100000@orion.webspan.net>

On Wed, Nov 04, 1998 at 08:28:08AM -0500, Open Systems Networking wrote:
> 
> It's really late/early this morning and I was just checking the rule set
> on a client's machine I just built. When I saw this:
> 
> 65534        195      14104 deny log ip from any to any
> 65535          1         76 deny ip from any to any
> 
> Now maybe it's my lack of sleep but how did that amazing wonder packet
> on rule 65535 sneak by 65534 :-) A fluke? A 1 in a million chance?

As others have already pointed out, this packet was probably sent before
rule 65534 was configured.  To verify this, run ipfw -t l to check the
timestamp on rule 65535...my guess is it will be equivalent to either
your time of last boot (sysctl kern.boottime), or whenever you last
reloaded your ruleset.

Alex
