From nobody Thu Dec 30 07:16:45 2021 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 75C301914EF2 for ; Thu, 30 Dec 2021 07:17:29 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JPfjj24T2z4ST9 for ; Thu, 30 Dec 2021 07:17:29 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-lj1-x233.google.com with SMTP id p7so38568267ljj.1 for ; Wed, 29 Dec 2021 23:17:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gRJvloaGcy9MXnioDOal7dFc9KUpMNSHhzMBTb6K9qE=; b=iPjMnJV9QmTksXSOPPsSn0MoAdeKzQ8r7WP/KnM6PqUonkocTWMWKEKpWt3IaTz0Yt MTjQyEv7mDRgXVCy3/9tWsuQalDK8ErLpDH1G1yiZ8kIFFelkMDiP8UvDnaO7ONvnh9Y L/CLshDny0MWDsO3crZLyybSa0ST8SvrpoECNpouTKlWyfEcMaMjzeMlUbfYq70oEV8G WyMKqL5eccv/2gBQo/ckqeXBW7uf7GMjkLQ7AIWsVtBQkw5Kqd3YyPS6C22Pf2fOA7D7 +LFTc9CUUzI0AUQ1rrTgrxieMgtlyL3u52cBoHCOd/K9nWWfbc0wCGIvL4klv34gJtHs 0pWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gRJvloaGcy9MXnioDOal7dFc9KUpMNSHhzMBTb6K9qE=; b=7X+NTBx1ISI0yksmUHpuHE/FuElCJHMFlRJqikGLR7aQXprjgp0CO5Uh7p5fD03gl2 JnNeCXjf/M6VOCbf/eAwBVL5rI0Q2ZClPWXD1sU6b80dPFLZeQRYo/3rzB3CdKsYdQrD dbr7llTPcAiVlPS2+UVqOOKCHGh4XuUEqSU3MdLgGxmNFvvLl5ZgzUNzIvysooEfww/y sJjtEj4wE86XSU5K9LKiiH4AKizGEMOaQ47nvVG9hXop1h+TLT+lzSPD/qpgWfFdUg7v IIET7u6LeSYmJ4SUWYE7tlP1S9gS6IiDDQBt/+gBPhVAXWDiILHCugcPZHDcUia9rAbZ kYDw== X-Gm-Message-State: AOAM530j+xZE+EBh7jx461nNeMm534aLhZA7uUkw/TQT+dTm71Cpa9mT xPQS1mNE5cwq0vulvI89mEjjKFiNUtIaZiokOziVvA== X-Google-Smtp-Source: ABdhPJzMLJeVftYbYhjr11UyxgCUsgMrMBGX6Wxo6EY5alGxTgxh3pQQ5JsoKsD/H7ea3uM/O6MLOMDdG0eEyRDViCo= X-Received: by 2002:a2e:860e:: with SMTP id a14mr6961013lji.290.1640848640856; Wed, 29 Dec 2021 23:17:20 -0800 (PST) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 References: <8b2c341d-10e6-51a2-0654-86f4394865c7@tundraware.com> <20211230070529.9dba7412d68b6c417251058d@sohara.org> In-Reply-To: <20211230070529.9dba7412d68b6c417251058d@sohara.org> From: Michael Sierchio Date: Wed, 29 Dec 2021 23:16:45 -0800 Message-ID: Subject: Re: ipfw syntax clarification To: "Steve O'Hara-Smith" Cc: Kurt Hackenberg , "questions@FreeBSD.org" Content-Type: multipart/alternative; boundary="0000000000005e646905d457d872" X-Rspamd-Queue-Id: 4JPfjj24T2z4ST9 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-ThisMailContainsUnwantedMimeParts: N --0000000000005e646905d457d872 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Dec 29, 2021 at 11:05 PM Steve O'Hara-Smith wrote: > On Wed, 29 Dec 2021 22:32:20 -0800 > Michael Sierchio wrote: > > > Actual location of IP addresses > > is something known to the CDNs (Akamai, Cloudflare, AWS, etc.) and is > > somewhat proprietary. > > Even they only guess based on what they can find out about who > controls which block, Not so =E2=80=93 the location DB used by the large CDNs are empirical, and = based on RTT of probes which happen all the time from many different geo locations. It's pretty easy to infer where the targets are. These are usually ICMP PINGs in groups of 3 =E2=80=93 sometimes they are TCP to a presumably close= d port, expecting a RST. > > -- > Steve O'Hara-Smith > --0000000000005e646905d457d872 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Wed, Dec 29, 2021 at 11:05 PM Stev= e O'Hara-Smith <steve@sohara.org= > wrote:
= On Wed, 29 Dec 2021 22:32:20 -0800
Michael Sierchio <kudzu@tenebras.com> wrote:

> Actual location of IP addresses
> is something known to the CDNs (Akamai, Cloudflare, AWS, etc.) and is<= br> > somewhat proprietary.

=C2=A0 =C2=A0 =C2=A0 =C2=A0 Even they only guess based on what they can fin= d out about who
controls which block,

Not so =E2=80=93 the= location DB used by the large CDNs are empirical, and based on RTT of prob= es which happen all the time from many different geo locations.=C2=A0 It= 9;s pretty easy to infer where the targets are.=C2=A0 These are usually ICM= P PINGs in groups of 3 =E2=80=93 sometimes they are TCP to a presumably clo= sed port, expecting a RST.=C2=A0 =C2=A0
=C2=A0

--
Steve O'Hara-Smith <steve@sohara.org>
--0000000000005e646905d457d872--