From owner-freebsd-security  Sat Feb  3  7:32:58 2001
Delivered-To: freebsd-security@freebsd.org
Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42])
	by hub.freebsd.org (Postfix) with ESMTP id 54FA637B401
	for <security@FreeBSD.ORG>; Sat,  3 Feb 2001 07:32:40 -0800 (PST)
Received: (from avalon@localhost)
	by caligula.anu.edu.au (8.9.3/8.9.3) id CAA20696;
	Sun, 4 Feb 2001 02:32:29 +1100 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <200102031532.CAA20696@caligula.anu.edu.au>
Subject: Re: strange dropped packets
In-Reply-To: <Pine.BSO.4.21.0102021042360.30602-100000@prg.traveller.cz> from Michal Mertl at "Feb 2, 1 11:55:22 am"
To: mime@traveller.cz (Michal Mertl)
Date: Sun, 4 Feb 2001 02:32:29 +1100 (EST)
Cc: security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL39 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Michal Mertl, sie said:
> I've installed and configured several FreeBSD boxes (>=4.1). On all of
> them I use log_in_vain="YES" in rc.conf. Sometime I also install ipfilter
> (with rules with minimal holes in and outbound traffic with "keep state").
> Either with ipfilter installed or not I see dropped packets in
> /var/log/messages (result of log_in_vain) which seems to me like last
> packets of a regular communications open from inside (either UDP (dns
> queries) or TCP (mostly web)).

On the internet today, I wouldn't be surprised if some packets can transit
the network and take enough time that the state a connection is in causes
it to expire before the "next" packet arrices.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message