Date: Tue, 29 May 2001 15:11:22 -0700 From: "Crist Clark" <crist.clark@globalstar.com> To: Liran Dahan <lirandb@netvision.net.il> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Syn+Fin (Setup) And TCP RST Message-ID: <3B141E8A.5AC7E84E@globalstar.com> References: <010f01c0e888$5ab3c120$b88f39d5@a> <200105291052100670.246E525C@smtp> <012601c0e88c$3e6efb20$b88f39d5@a>
next in thread | previous in thread | raw e-mail | index | archive | help
Liran Dahan wrote: > > Yes, you right, i noticed it just now, i've changed the variable > net.inet.tcp.restrict_rst to 1 and saw it took me ages till i got Connection > timeout.. so what can be the problem.. why my firewall is not sending TCP > RST when im doing ipfw add reset tcp from any to any ? The output of, # ipfw show # tcpdump -nv 'host <host_you_telnet_from>' <do the telnet test from the testing host> # ipfw show Yes, two 'ipfw show's to see if we can see the packets being counted in another rule. Perhaps add some logging. We want to be _sure_ that the connection attempts are actually triggering the rule with the 'reset' action before jumping to conclusions about no RSTs. I would be surprised if TCP_RESTRICT_RST is interfering with this. IIRC, the code for "spoofing" these RSTs in the firewall lives in other parts of the kernel from that generating "real" RSTs (where TCP_RESTRICT_RST would have its effects). -- Crist J. Clark Network Security Engineer crist.clark@globalstar.com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster@globalstar.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B141E8A.5AC7E84E>