Delivered-To: freebsd-security@freebsd.org
From: "D. W. Piper"
Subject: IPFW Rule -1 Always = Attack?
Date: Fri, 18 May 2001 10:32:24 -0700
Organization: The Loop Internet
Message-ID: <046c01c0dfc0$833e7fc0$213cd3cf@loop.com>
References: <200105181518.WAA12362@bazooka.cs.ait.ac.th>

Hi everyone,

If I understand things correctly from the archives and the IPFW man page, IPFW rule -1 is built into the firewall, and only applies to rejecting IP fragments with a fragment offset of one. The man page further states, "This is a valid packet, but it only has one use, to try to circumvent firewalls."

Does that mean that every packet dropped by rule -1 indicates a deliberate attempt to circumvent the firewall, and should be reported to the appropriate network administrator for the source IP address?

TIA,
David
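For readers triaging such drops, the header field that the message above refers to can be decoded as follows. This is an added example, not part of the original post and not ipfw's own code; the function name, enum and sample headers are constructed for illustration, and the check looks only at the IPv4 header, not at the protocol carried.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* How an IPv4 header's fragmentation fields classify the packet. */
enum frag_class { FRAG_INVALID = -1, FRAG_NONE, FRAG_FIRST, FRAG_OFFSET_ONE, FRAG_LATER };

/* Bytes 6-7 of the IPv4 header hold 3 flag bits (reserved, DF, MF) and a
 * 13-bit fragment offset counted in 8-byte units. */
enum frag_class classify_fragment(const uint8_t *hdr, size_t len)
{
    if (hdr == NULL || len < 20 || (hdr[0] >> 4) != 4)
        return FRAG_INVALID;                 /* truncated or not IPv4 */
    size_t ihl = (size_t)(hdr[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return FRAG_INVALID;                 /* bad header length */

    unsigned field = ((unsigned)hdr[6] << 8) | hdr[7];
    unsigned offset = field & 0x1fff;        /* units of 8 bytes */
    int more_fragments = (field & 0x2000) != 0;

    if (offset == 1)
        return FRAG_OFFSET_ONE;  /* data resumes 8 bytes into the payload */
    if (offset > 1)
        return FRAG_LATER;
    return more_fragments ? FRAG_FIRST : FRAG_NONE;
}

/* Constructed sample headers: documentation addresses, checksum left zero. */
static const uint8_t sample_whole[20]      = {0x45,0,0,40, 0,1, 0x40,0x00, 64,6, 0,0, 192,0,2,1, 198,51,100,2};
static const uint8_t sample_first[20]      = {0x45,0,0,28, 0,2, 0x20,0x00, 64,6, 0,0, 192,0,2,1, 198,51,100,2};
static const uint8_t sample_offset_one[20] = {0x45,0,0,40, 0,2, 0x00,0x01, 64,6, 0,0, 192,0,2,1, 198,51,100,2};
static const uint8_t sample_later[20]      = {0x45,0,0,60, 0,3, 0x20,0xb9, 64,17, 0,0, 192,0,2,1, 198,51,100,2};

int main(void)
{
    static const char *names[] = {"not fragmented", "first fragment",
                                  "offset-one fragment", "later fragment"};
    const uint8_t *samples[] = {sample_whole, sample_first, sample_offset_one, sample_later};
    for (size_t i = 0; i < 4; i++)
        printf("sample %zu: %s\n", i, names[classify_fragment(samples[i], 20)]);
    return 0;
}
```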