Date: Wed, 4 Jul 2001 09:12:24 -0400 (EDT)
From: Ralph Huntington
To: cjclark@alum.mit.edu
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: firewall question
In-Reply-To: <20010704002534.D1476@blossom.cjclark.org>

Thank you very much. I should have found that myself. -=r=-

On Wed, 4 Jul 2001, Crist J. Clark wrote:

> On Tue, Jul 03, 2001 at 10:45:27AM -0400, Ralph Huntington wrote:
> >
> > ipfw: -1 Refuse TCP W.X.Y.Z:0 A.B.C.D:0 in via fxp0
> > ipfw: -1 Refuse TCP S.T.U.V:0 A.B.C.D:0 in via fxp0
>
> FINE POINTS
>      o   There is one kind of packet that the firewall will always discard,
>          that is a TCP packet's fragment with a fragment offset of one. This
>          is a valid packet, but it only has one use, to try to circumvent
>          firewalls. When logging is enabled, these packets are reported as
>          being dropped by rule -1.
>
> --
> Crist J. Clark                           cjclark@alum.mit.edu
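
An added example, not part of the original thread and not ipfw's own code: a Python sketch of the check the quoted FINE POINTS text describes (a TCP packet whose IPv4 fragment offset, counted in 8-byte units, is one), together with a tally of rule -1 lines in the log format shown in the thread. The function names, the sample addresses and the sample log lines are constructed for illustration.

```python
import re
import struct

IPPROTO_TCP = 6
IP_OFFMASK = 0x1FFF  # low 13 bits of the flags/offset word; unit is 8 bytes

def is_tcp_offset_one_fragment(ip_header: bytes) -> bool:
    """True for the packet the man page describes: TCP, fragment offset == 1."""
    if len(ip_header) < 20 or ip_header[0] >> 4 != 4:
        return False  # not a complete IPv4 header
    (flags_off,) = struct.unpack_from("!H", ip_header, 6)
    return ip_header[9] == IPPROTO_TCP and (flags_off & IP_OFFMASK) == 1

# Log format as quoted in the thread:
#   ipfw: -1 Refuse TCP <src>:<port> <dst>:<port> in via <interface>
RULE_MINUS_ONE = re.compile(
    r"ipfw: -1 Refuse TCP (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) (?P<dir>in|out) via (?P<iface>\S+)"
)

def count_rule_minus_one(lines):
    """Count rule -1 drops per (source address, interface)."""
    counts = {}
    for line in lines:
        m = RULE_MINUS_ONE.search(line)
        if m:
            key = (m["src"], m["iface"])
            counts[key] = counts.get(key, 0) + 1
    return counts

def make_ipv4_header(proto, frag_offset, more_fragments=False):
    """Constructed 20-byte IPv4 header (checksum left at 0), for testing only."""
    flags_off = (0x2000 if more_fragments else 0) | (frag_offset & IP_OFFMASK)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

# Constructed sample syslog lines (documentation address ranges).
SAMPLE_LOG = [
    "Jul  3 10:40:01 gw /kernel: ipfw: -1 Refuse TCP 192.0.2.10:0 198.51.100.20:0 in via fxp0",
    "Jul  3 10:40:02 gw /kernel: ipfw: 600 Deny TCP 203.0.113.5:4321 198.51.100.20:23 in via fxp0",
    "Jul  3 10:40:05 gw /kernel: ipfw: -1 Refuse TCP 192.0.2.10:0 198.51.100.20:0 in via fxp0",
]

if __name__ == "__main__":
    for (src, iface), n in sorted(count_rule_minus_one(SAMPLE_LOG).items()):
        print(f"{src} via {iface}: {n} rule -1 drop(s)")
```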