From owner-freebsd-ipfw  Mon Oct  2 12:54:24 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from forrie.net (forrie.net [64.20.73.233])
	by hub.freebsd.org (Postfix) with ESMTP id 6166837B502
	for <freebsd-ipfw@freebsd.org>; Mon,  2 Oct 2000 12:54:22 -0700 (PDT)
Received: from boomer.forrie.com (dhcp-north-71-168.navipath.net [64.20.71.168])
            by forrie.net with id e92JsLv14762
            for <freebsd-ipfw@freebsd.org>; Mon, 2 Oct 2000 15:54:21 -0400 (EDT)
Message-Id: <5.0.0.25.2.20001002154554.01bfe310@64.20.73.233>
X-Sender: forrie@64.20.73.233
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 02 Oct 2000 15:47:40 -0400
To: freebsd-ipfw@freebsd.org
From: Forrest Aldrich <forrie@forrie.com>
Subject: 4.1.1 Kernel ipfw, brought to its knees
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I was working with our security person here at work, with my ipfw 
config.  I ran into some problems, which I'm still trying to figure out.

So, he offered to at least scan the machine.   He did a basic nmap scan... 
brought the machine to its knees.  I had ICMP bandwidth limitation 
enabled.  All except the RST (which isn't recommended for web servers).

The machine is rendered unusable.   I've never seen this happen to a 
FreeBSD box.  Our 2.2.8 systems withstand this better than this.

?


Forrest



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message