From owner-freebsd-security Wed Nov 4 09:24:04 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA27648 for freebsd-security-outgoing; Wed, 4 Nov 1998 09:24:04 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA27570 for ; Wed, 4 Nov 1998 09:24:01 -0800 (PST) (envelope-from nash@Mars.mcs.net) Received: from Mars.mcs.net (nash@Mars.mcs.net [192.160.127.85]) by Kitten.mcs.com (8.8.7/8.8.2) with ESMTP id LAA20364; Wed, 4 Nov 1998 11:23:52 -0600 (CST) Received: (from nash@localhost) by Mars.mcs.net (8.8.7/8.8.2) id LAA06071; Wed, 4 Nov 1998 11:23:52 -0600 (CST) Message-ID: <19981104112352.B4776@mcs.net> Date: Wed, 4 Nov 1998 11:23:52 -0600 From: Alex Nash To: Open Systems Networking , freebsd-security@FreeBSD.ORG Subject: Re: Amazing wonder packet sneaks by deny all rule? Mail-Followup-To: Open Systems Networking , freebsd-security@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Open Systems Networking on Wed, Nov 04, 1998 at 08:28:08AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Nov 04, 1998 at 08:28:08AM -0500, Open Systems Networking wrote: > > It's really late/early this morning and I was just checking the rule set > on a clients machine I just built. When I saw this: > > 65534 195 14104 deny log ip from any to any > 65535 1 76 deny ip from any to any > > Now maybe it's my lack of sleep but how did that amazing wonder packet > on rule 65535 sneak by 65534 :-) A fluke? A 1 in a million chance? As others have already pointed out, this packet was probably sent before rule 65534 was configured. To verify this, run ipfw -t l to check the timestamp on rule 65535...my guess is it will be equivalent to either your time of last boot (sysctl kern.boottime), or whenever you last reloaded your ruleset. Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message