From owner-freebsd-security  Fri Feb  2  2:55:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from prg.traveller.cz (prg.traveller.cz [193.85.2.2])
	by hub.freebsd.org (Postfix) with ESMTP id 400F537B491
	for <security@freebsd.org>; Fri,  2 Feb 2001 02:55:24 -0800 (PST)
Received: from prg.traveller.cz (prg.traveller.cz [193.85.2.2])
	by prg.traveller.cz (8.9.3[EUnet-CZ](2)/8.9.3) with ESMTP id LAA03070
	for <security@freebsd.org>; Fri, 2 Feb 2001 11:55:22 +0100 (CET)
Date: Fri, 2 Feb 2001 11:55:22 +0100 (CET)
From: Michal Mertl <mime@traveller.cz>
To: security@freebsd.org
Subject: strange dropped packets
Message-ID: <Pine.BSO.4.21.0102021042360.30602-100000@prg.traveller.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've installed and configured several FreeBSD boxes (>=4.1). On all of
them I use log_in_vain="YES" in rc.conf. Sometime I also install ipfilter
(with rules with minimal holes in and outbound traffic with "keep state").
Either with ipfilter installed or not I see dropped packets in
/var/log/messages (result of log_in_vain) which seems to me like last
packets of a regular communications open from inside (either UDP (dns
queries) or TCP (mostly web)).

It doesn't stop anything from working but I'm curious what it may mean. I
think sometimes FreeBSD thinks tcp or udp connection is closed when the
other end doesn't think so (and because the packets aren't catched by
ipfilter I suspect the problem on FreeBSD's side).



-- 
Michal Mertl
mime@traveller.cz




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message