From owner-freebsd-security@FreeBSD.ORG Tue Oct 25 21:28:32 2005 Return-Path: X-Original-To: freebsd-security@FreeBSD.org Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1133716A41F for ; Tue, 25 Oct 2005 21:28:32 +0000 (GMT) (envelope-from list@rsnnv.com) Received: from mail.rsnnv.com (mail.rsnnv.com [207.168.182.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id B315143D76 for ; Tue, 25 Oct 2005 21:28:26 +0000 (GMT) (envelope-from list@rsnnv.com) Received: (qmail 5772 invoked by uid 89); 25 Oct 2005 21:27:16 -0000 Received: by simscan 1.1.0 ppid: 5754, pid: 5755, t: 1.5770s scanners: attach: 1.1.0 clamav: 0.87/m:34/d:1146 spam: 3.0.3 Received: from unknown (HELO rsnnv01) (207.168.182.130) by mail.rsnnv.com with (RC4-MD5 encrypted) SMTP; 25 Oct 2005 21:27:14 -0000 From: "Chris Odell" To: "'John Fitzgerald'" , Date: Tue, 25 Oct 2005 14:28:09 -0700 Organization: Red Star Networks, Inc MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 Thread-Index: AcXZniDnHuX7D2jTS9+RTXRAbV/awwADLbPA In-Reply-To: <5e49673f0510251032w38312bb7kb082b15d97d00082@mail.gmail.com> X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on rock.rsnnv.com X-Spam-Level: X-Spam-Status: No, score=0.5 required=5.0 tests=AWL autolearn=ham version=3.0.3 Message-Id: <20051025212826.B315143D76@mx1.FreeBSD.org> Cc: Subject: RE: ipf stopped working on 5.3 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: list@rsnnv.com List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Oct 2005 21:28:32 -0000 I had this same problem and found out there is a parimeter that needs to be added to the kernel config that was not needed previously. When I get back to my office, I will look it up and send it to you. Chris Odell -----Original Message----- From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of John Fitzgerald Sent: Tuesday, October 25, 2005 10:33 AM To: freebsd-security@FreeBSD.org Subject: ipf stopped working on 5.3 I've had ipf working on a few 5.3 servers for quite awhile. Not too long ago some developers had to do some coding work and were coming from dynamic IP's. I (reluctantly) opened up SSH to the world. Immediately I started seeing the attacks where bots of some sort would try to break in with a variety of different users. So, I (thought) I closed it up again and told the developers to use a dedicated proxy. They did, but I realized that I hadn't actually closed things off. I was still getting attacked. I had tried, but ipf suddenly wasn't working. Whenever I would change the firewall rules and ipf -D and the ipf -E -f /etc/my.rules it would simply return: 1:ioctl(add/insert rule): No such process I didn't have the time to look into it at the time, but am now trying to figure it out. Ipf is obviously not working and I don't know why. I have tried recompiling the kernel a myriad of different ways. With/without ipfw, with/without ipsec, etc. All to no avail. Is this a bug, did I get hacked? I have googled this quite a bit and the only thing that I found was possibly a buildworld scenario where something got updated and it doesn't work now. I didn't install src so I'm a bit out of luck on that one. FreeBSD 5.3-RELEASE OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7d 17 Mar 2004 Cheers, JJ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"