Date: Wed, 22 Jul 1998 09:55:31 +1000 (EST)
From: "Daniel O'Callaghan"
To: Johann Visagie
cc: Philippe Regnauld, security@FreeBSD.ORG
Subject: Re: ipfw & icmp question
In-Reply-To: <19980721142451.A4361@cityip.co.za>

On Tue, 21 Jul 1998, Johann Visagie wrote:

> On Sat, 30 May 1998 at 23:48 SAT, Philippe Regnauld wrote:
> >
> > I am a bit puzzled regarding the following situation:
> >
> > I have a machine with IPFW setup to send "port unreachable" if
> > a connection attempt is made on port 113/TCP (identd). The policy
> > is default deny. Here is what happens when I do "telnet host 113"
>
> Sorry, can't help you with that one. I just allow queries to 113/tcp and
> make sure there's nothing running on the port. *shrug*

Don't send port unreachable. FreeBSD sees that as a temporary failure.
Send a TCP RST using "ipfw add rule# reset tcp from any to any 113"

Danny
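To check from a client that a rule like the one in the reply above makes 113/tcp fail immediately instead of leaving the connection attempt hanging, a probe along these lines can be pointed at the firewalled host. This is an added example, not part of the original message; the function names, the one-second budget and the loopback demo are assumptions made for illustration.

```python
import errno
import socket
import time

def probe(host, port, timeout=5.0):
    """Make one TCP connect attempt; return (verdict, seconds_elapsed)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((host, port))
        verdict = "open"            # handshake completed, something is listening
    except ConnectionRefusedError:
        verdict = "refused"         # ECONNREFUSED: the result a TCP RST produces
    except socket.timeout:
        verdict = "timeout"         # no definitive answer: silent drop, or an ICMP
                                    # error the client stack treats as temporary
    except OSError as exc:
        if exc.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        verdict = "unreachable"     # ICMP error surfaced as a hard failure
    finally:
        sock.close()
    return verdict, time.monotonic() - start

def fails_fast(host, port=113, budget=1.0, timeout=5.0):
    """True when the port is closed AND the client learns so within `budget` seconds."""
    verdict, elapsed = probe(host, port, timeout)
    return verdict == "refused" and elapsed < budget

def loopback_demo():
    """Constructed offline check: an open port, then the same port after close."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe("127.0.0.1", port)[0]
    listener.close()                      # kernel now answers SYNs with RST
    after_close = probe("127.0.0.1", port)[0]
    return while_open, after_close, fails_fast("127.0.0.1", port)

if __name__ == "__main__":
    print(loopback_demo())
```

How an ICMP unreachable is reported depends on the client's TCP stack, so run the probe from the kind of client that will actually be making ident queries.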