Date: Wed, 4 Nov 1998 11:23:52 -0600 From: Alex Nash <nash@mcs.net> To: Open Systems Networking <opsys@mail.webspan.net>, freebsd-security@FreeBSD.ORG Subject: Re: Amazing wonder packet sneaks by deny all rule? Message-ID: <19981104112352.B4776@mcs.net> In-Reply-To: <Pine.BSF.4.02.9811040815360.4966-100000@orion.webspan.net>; from Open Systems Networking on Wed, Nov 04, 1998 at 08:28:08AM -0500 References: <Pine.BSF.4.02.9811040815360.4966-100000@orion.webspan.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 04, 1998 at 08:28:08AM -0500, Open Systems Networking wrote: > > It's really late/early this morning and I was just checking the rule set > on a clients machine I just built. When I saw this: > > 65534 195 14104 deny log ip from any to any > 65535 1 76 deny ip from any to any > > Now maybe it's my lack of sleep but how did that amazing wonder packet > on rule 65535 sneak by 65534 :-) A fluke? A 1 in a million chance? As others have already pointed out, this packet was probably sent before rule 65534 was configured. To verify this, run ipfw -t l to check the timestamp on rule 65535...my guess is it will be equivalent to either your time of last boot (sysctl kern.boottime), or whenever you last reloaded your ruleset. Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981104112352.B4776>