From owner-freebsd-ipfw Sun Apr 16 11:55:45 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from totem.fix.no (totem.freenix.no [195.0.166.42]) by hub.freebsd.org (Postfix) with ESMTP id EE38837B7E8; Sun, 16 Apr 2000 11:55:34 -0700 (PDT) (envelope-from anders@totem.fix.no) Received: by totem.fix.no (Postfix, from userid 1000) id BEFEA573F; Sun, 16 Apr 2000 20:55:28 +0200 (CEST) Date: Sun, 16 Apr 2000 20:55:28 +0200 From: Anders Nordby To: freebsd-ipfw@freebsd.org Cc: freebsd-security@freebsd.org Subject: Closing incoming access to private (and other) networks with ipfw (and running natd) Message-ID: <20000416205528.F20667@totem.fix.no> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i X-Operating-System: FreeBSD 3.4-STABLE X-Warning: Listen, and thou shall not fear. Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'm not really sure where I should ask this question, since it's (at least to me) both natd and ipfw related. I'm building a firewall with three network cards (3Com xl ones), that routes both public and private networks to and from the Internet. Natd works -- NICs on the segment routed directly to the Internet sees traffic from NICs on private networks as if it came from the IP of the NIC on the firewall on the same segment. Now, my problem is not routing/forwarding on the firewall, nor network address translation. I need to prevent incoming access to private networks through the firewall (and be sure it really works :-)). I've tried configuring natd with deny_incoming, but I can still ping IPs on private networks through xl0 (which is the NIC on the Firewall routed directly to the Internet). Now, that might be due to me using an extra alias on xl0 and routing through it. But I need to be able to block access from one network to the other, and still be able to access the one network from the other (and receive response to tcp/udp/icmp back with the same protocol). I've tried accomplishing this with stuff like ipfw add n deny all from any to 172.n.n.n in via xl0 and by using the keep-state/check-state etc. stuff introduced in FreeBSD 4.0, with no luck. :/ Either all traffic is denied (and I don't get replies back on requests which goes the legal permitted way), or all traffic (including unwanted) goes through. Does anyone have a solution for this? Any help appreciated -- examples, ideas, whatever. Cheers. -- Anders. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Sun Apr 16 22:19:31 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from home.offwhite.net (home.offwhite.net [156.46.35.30]) by hub.freebsd.org (Postfix) with ESMTP id ED6A537B5E4 for ; Sun, 16 Apr 2000 22:19:28 -0700 (PDT) (envelope-from brennan@offwhite.net) Received: from localhost (brennan@localhost) by home.offwhite.net (8.9.1/8.9.3) with ESMTP id AAA23833 for ; Mon, 17 Apr 2000 00:19:27 -0500 (CDT) Date: Mon, 17 Apr 2000 00:19:27 -0500 (CDT) From: Brennan W Stehling To: freebsd-ipfw@freebsd.org Subject: watching traffic Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I am using an applet which is making network connections and I would like to know exactly what it is doing. I want to know where the information is coming from and how the communication is being done and know that I can simply look at the network traffic, but I do not know how. I am running it on a computer on the my home network which is fed by a dsl through my FreeBSD ipnat gateway. Can anyone tell me what tools I can use to get a detailed picture of my traffic? Can anyone point out a good tutorial on this? Brennan Stehling - web developer and sys admin projects: www.greasydaemon.com | www.onmilwaukee.com | www.sncalumni.com fortune: The Fifth Rule: You have taken yourself too seriously. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Apr 17 6:15:25 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 03DBE37B7B6; Mon, 17 Apr 2000 06:15:07 -0700 (PDT) (envelope-from green@FreeBSD.org) Date: Mon, 17 Apr 2000 09:14:49 -0400 (EDT) From: Brian Fundakowski Feldman X-Sender: green@green.dyndns.org To: Brennan W Stehling Cc: freebsd-ipfw@freebsd.org Subject: Re: watching traffic In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > I am running it on a computer on the my home network which is fed by a dsl > through my FreeBSD ipnat gateway. Can anyone tell me what tools I can use > to get a detailed picture of my traffic? Can anyone point out a good > tutorial on this? > Have you looked at tcpdump? It does come with FreeBSD, and it allows you to monitor arbitrary information on any network interface (except maybe PLIP ;). It's a powerful tool that, if that's what you're looking for, is the most popular/useful network tool used for reverse-engineering protocols. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Apr 17 6:55:59 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from home.offwhite.net (home.offwhite.net [156.46.35.30]) by hub.freebsd.org (Postfix) with ESMTP id CB72237B527 for ; Mon, 17 Apr 2000 06:55:55 -0700 (PDT) (envelope-from brennan@offwhite.net) Received: from localhost (brennan@localhost) by home.offwhite.net (8.9.1/8.9.3) with ESMTP id IAA25236 for ; Mon, 17 Apr 2000 08:55:54 -0500 (CDT) Date: Mon, 17 Apr 2000 08:55:54 -0500 (CDT) From: Brennan W Stehling To: freebsd-ipfw@freebsd.org Subject: Re: watching traffic In-Reply-To: <38FB14D9.CA3CEE51@origenbio.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Yes, I have used tcpdump briefly in the past, but it gives me too much data for me to understand. I guess I will have to find a way to make sense of all the data. I am thinking ntop may give me just the data that I need. I will also read more about tcpdump and try to limit the amount of data that it gives me. I always wanted to reverse engineer a few protocols. Brennan Stehling - web developer and sys admin projects: www.greasydaemon.com | www.onmilwaukee.com | www.sncalumni.com fortune: Living in LA is like not having a date on Saturday night. -- Candice Bergen On Mon, 17 Apr 2000, Richard Martin wrote: > Brennan, > > It depends on how much you want to know. > > At the bottom end of the scale is 'ntop' a program that looks at network > traffic in realtime and shows you a report on network traffic that looks > something like 'top'. > > At the other end is snort, a high efficiency packet analyzer with perl > routines for stat analysis. > > Both are in the ports collection. > > Good luck - > > Brennan W Stehling wrote: > > > > I am using an applet which is making network connections and I would like > > to know exactly what it is doing. I want to know where the information is > > coming from and how the communication is being done and know that I can > > simply look at the network traffic, but I do not know how. > > > > I am running it on a computer on the my home network which is fed by a dsl > > through my FreeBSD ipnat gateway. Can anyone tell me what tools I can use > > to get a detailed picture of my traffic? Can anyone point out a good > > tutorial on this? > > > > Brennan Stehling - web developer and sys admin > > projects: www.greasydaemon.com | www.onmilwaukee.com | www.sncalumni.com > > > > fortune: > > The Fifth Rule: > > You have taken yourself too seriously. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-ipfw" in the body of the message > > -- > Richard Martin dmartin@origen.com > > OriGen, inc. Tel: +1 512 474 7278 > 2525 Hartford Rd. Fax: +1 512 708 8522 > Austin, TX 78703 http://www.formed.net > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Apr 17 8:38:10 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from storm.FreeBSD.org.uk (storm.freebsd.org.uk [194.242.139.170]) by hub.freebsd.org (Postfix) with ESMTP id A76AC37B5C4; Mon, 17 Apr 2000 08:38:02 -0700 (PDT) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (hak.nat.Awfulhak.org [172.31.0.12]) by storm.FreeBSD.org.uk (8.9.3/8.9.3) with ESMTP id QAA96274; Mon, 17 Apr 2000 16:37:55 +0100 (BST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id NAA16155; Mon, 17 Apr 2000 13:20:52 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200004171220.NAA16155@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.1.1 10/15/1999 To: Anders Nordby Cc: freebsd-ipfw@FreeBSD.org, freebsd-security@FreeBSD.org, brian@hak.lan.Awfulhak.org Subject: Re: Closing incoming access to private (and other) networks with ipfw (and running natd) In-Reply-To: Message from Anders Nordby of "Sun, 16 Apr 2000 20:55:28 +0200." <20000416205528.F20667@totem.fix.no> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 17 Apr 2000 13:20:52 +0100 From: Brian Somers Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG The default (despite the libalias documentation, but in line with the natd documentation) behaviour when receiving new traffic bound for the internal network(s) *used* to be to let it through. This could be overridden with PacketAliasSetTarget() (-target_address to natd). *now* (in -stable & -current), PacketAliasSetTarget(INADDR_ANY) behaves as before and PacketAliasSetTarget(INADDR_NONE) goes to the alias address. The default is INADDR_NONE. Either way, if you ``-target_address 1.2.3.4'' where 1.2.3.4 is your alias address, you should effectively block connections from outside. > I'm not really sure where I should ask this question, since it's (at least > to me) both natd and ipfw related. I'm building a firewall with three > network cards (3Com xl ones), that routes both public and private networks > to and from the Internet. Natd works -- NICs on the segment routed > directly to the Internet sees traffic from NICs on private networks as if > it came from the IP of the NIC on the firewall on the same segment. > > Now, my problem is not routing/forwarding on the firewall, nor network > address translation. I need to prevent incoming access to private networks > through the firewall (and be sure it really works :-)). I've tried > configuring natd with deny_incoming, but I can still ping IPs on private > networks through xl0 (which is the NIC on the Firewall routed directly to > the Internet). Now, that might be due to me using an extra alias on xl0 > and routing through it. But I need to be able to block access from one > network to the other, and still be able to access the one network from the > other (and receive response to tcp/udp/icmp back with the same > protocol). I've tried accomplishing this with stuff like ipfw add n deny > all from any to 172.n.n.n in via xl0 and by using the > keep-state/check-state etc. stuff introduced in FreeBSD 4.0, with no > luck. :/ Either all traffic is denied (and I don't get replies back on > requests which goes the legal permitted way), or all traffic (including > unwanted) goes through. Does anyone have a solution for this? > > Any help appreciated -- examples, ideas, whatever. > > Cheers. > > -- > Anders. -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Apr 17 11:12:14 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from lunatic.oneinsane.net (lunatic.oneinsane.net [207.113.133.231]) by hub.freebsd.org (Postfix) with ESMTP id E95EF37BA0C for ; Mon, 17 Apr 2000 11:12:07 -0700 (PDT) (envelope-from insane@lunatic.oneinsane.net) Received: by lunatic.oneinsane.net (Postfix, from userid 1000) id E7A3D5D91; Mon, 17 Apr 2000 11:12:03 -0700 (PDT) Date: Mon, 17 Apr 2000 11:12:03 -0700 From: Ron 'The InSaNe One' Rosson To: ipfilter@coombs.anu.edu.au Cc: freebsd-ipfw@freebsd.org Subject: IPFilter and FTP Message-ID: <20000417111203.A43465@lunatic.oneinsane.net> Reply-To: Ron Rosson Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i X-Operating-System: FreeBSD lunatic.oneinsane.net 4.0-RELEASE X-Moon: The Moon is Waxing Gibbous (99% of Full) X-Opinion: What you read here is my IMHO X-Disclaimer: I am a firm believer in RTFM X-WWW: http://www.oneinsane.net X-PGP-KEY: http://www.oneinsane.net/~insane/insane2-pgp5i.txt X-Uptime: 11:08AM up 2 days, 13:45, 1 user, load averages: 0.00, 0.00, 0.00 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I have constructed a Firewall using Ipfilter on my FreeBSD 3.4-STABLE server. It is using ipfilter from the base (3.3.8). I am trying to configure ipfilter to allow my network to ftp out and also be able for the internet to be able into my FTP server on my network. I have also have gone as far as installing fwtk on the box to help with the FTP issues but to no avail. If anyone has this figured out could you send me the info on how you got it accomplished. TIA -- ------------------------------------------------------------------------------ Ron Rosson ... and a UNIX user said ... The InSaNe One rm -rf * insane@oneinsane.net and all was /dev/null and *void() ------------------------------------------------------------------------------ I'm too sexy for mitosis. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Wed Apr 19 6:57:16 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from mail.rz.fh-wilhelmshaven.de (mail.rz.fh-wilhelmshaven.de [139.13.25.134]) by hub.freebsd.org (Postfix) with ESMTP id EE27E37BC7C for ; Wed, 19 Apr 2000 06:57:08 -0700 (PDT) (envelope-from ohoyer@fbwi.fh-wilhelmshaven.de) Received: from fettesau.stuwo.fh-wilhelmshaven.de (stuwopc5.stuwo.fh-wilhelmshaven.de [139.13.209.5]) by mail.rz.fh-wilhelmshaven.de (8.9.3/8.9.3) with SMTP id PAA05143 for ; Wed, 19 Apr 2000 15:57:00 +0200 (MET DST) Message-Id: <4.1.20000419153229.00c93920@mail.rz.fh-wilhelmshaven.de> X-Sender: ohoyer@mail.rz.fh-wilhelmshaven.de X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 19 Apr 2000 15:55:24 +0200 To: freebsd-ipfw@freebsd.org From: Olaf Hoyer Subject: Pinging Firewall Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi! I recently had a discussion about being pings harmful to security. (I'm preparing some material for lectures about e-commerce, part of it being internet security) Question: In which ways does a firewall handles pings? And, more important, in which phase of the TCP/IP receiving process of the ping may it be blocked? I thought of the risk about being pingflooded, and had some discussion if it is possible to block that... From my view, several scenarii came to mind: Ping comes it, and is routed to the destination (normal operation) Ping arrives, and is recognized as a ping, and is dropped, with no answer to originating system. Ping arrives, and is not even recognized, handled etc, but simply dropped... Is that possible? (Speaking of technical possibility, not of potential violation to RFC) It was in a discussion to minimize the risk of being pingflooded.. Comments? Regards Olaf Hoyer -------- Olaf Hoyer www.nightfire.de mailto:Olaf.Hoyer@nightfire.de FreeBSD- Turning PC's into workstations ICQ:22838075 Liebe und Hass sind nicht blind, aber geblendet vom Feuer, dass sie selber mit sich tragen. (Nietzsche) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Wed Apr 19 16:37:38 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from ns.itga.com.au (ns.itga.com.au [202.53.40.210]) by hub.freebsd.org (Postfix) with ESMTP id 7DCE237B857 for ; Wed, 19 Apr 2000 16:37:31 -0700 (PDT) (envelope-from gnb@itga.com.au) Received: from lightning.itga.com.au (lightning.itga.com.au [192.168.71.20]) by ns.itga.com.au (8.9.3/8.9.3) with ESMTP id JAA18572; Thu, 20 Apr 2000 09:37:27 +1000 (EST) (envelope-from gnb@itga.com.au) Received: from itga.com.au (lightning.itga.com.au [192.168.71.20]) by lightning.itga.com.au (8.9.3/8.9.3) with ESMTP id JAA25250; Thu, 20 Apr 2000 09:37:25 +1000 (EST) Message-Id: <200004192337.JAA25250@lightning.itga.com.au> X-Mailer: exmh version 2.0.1 12/23/97 From: Gregory Bond To: Olaf Hoyer Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: Pinging Firewall In-reply-to: Your message of Wed, 19 Apr 2000 15:55:24 +0200. Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 20 Apr 2000 09:37:25 +1000 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Question: In which ways does a firewall handles pings? It is part of the low-level networking code in the kernel. > And, more important, in which phase of the TCP/IP receiving process of the > ping may it be blocked? Ping has nothing to do with TCP. Ping uses ICMP packets. You can block pings using the appropriate rules in ipfw. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu Apr 20 8:51:26 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from mail.rz.fh-wilhelmshaven.de (mail.rz.fh-wilhelmshaven.de [139.13.25.134]) by hub.freebsd.org (Postfix) with ESMTP id 0D52237B8B0 for ; Thu, 20 Apr 2000 08:51:22 -0700 (PDT) (envelope-from ohoyer@fbwi.fh-wilhelmshaven.de) Received: from fettesau.stuwo.fh-wilhelmshaven.de (stuwopc5.stuwo.fh-wilhelmshaven.de [139.13.209.5]) by mail.rz.fh-wilhelmshaven.de (8.9.3/8.9.3) with SMTP id RAA12960; Thu, 20 Apr 2000 17:51:06 +0200 (MET DST) Message-Id: <4.1.20000420174210.00aacec0@mail.rz.fh-wilhelmshaven.de> X-Sender: ohoyer@mail.rz.fh-wilhelmshaven.de X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Thu, 20 Apr 2000 17:45:49 +0200 To: Gregory Bond From: Olaf Hoyer Subject: Re: Pinging Firewall Cc: freebsd-ipfw@FreeBSD.ORG In-Reply-To: <200004192337.JAA25250@lightning.itga.com.au> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 09:37 20.04.00 +1000, you wrote: >> Question: In which ways does a firewall handles pings? > >It is part of the low-level networking code in the kernel. > >> And, more important, in which phase of the TCP/IP receiving process of the >> ping may it be blocked? > >Ping has nothing to do with TCP. Ping uses ICMP packets. > >You can block pings using the appropriate rules in ipfw. > Hi! Sorry, really had the head full with other stuff... Had also to care last days about protocols like Netbios/Netbeui, so TCP/IP was just the opposite to that.... ;-) Are there any good sources, describing in detail, in which phase of the receiving process IP/ICMP/UDP packets are possible to filter/block? (Others than the 4.x BSD book, preferrably online...) Regards Olaf Hoyer -------- Olaf Hoyer www.nightfire.de mailto:Olaf.Hoyer@nightfire.de FreeBSD- Turning PC's into workstations ICQ:22838075 Liebe und Hass sind nicht blind, aber geblendet vom Feuer, dass sie selber mit sich tragen. (Nietzsche) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Fri Apr 21 21:56:24 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from hydrant.intranova.net (msb-ts-slip19.UMDNJ.EDU [130.219.28.82]) by hub.freebsd.org (Postfix) with SMTP id 91C9337B95F for ; Fri, 21 Apr 2000 21:56:19 -0700 (PDT) (envelope-from oogali@intranova.net) Received: (qmail 12651 invoked from network); 22 Apr 2000 04:08:19 -0000 Received: from localhost.abuselabs.com (HELO localhost) (missnglnk@127.0.0.1) by localhost.abuselabs.com with SMTP; 22 Apr 2000 04:08:19 -0000 Date: Sat, 22 Apr 2000 00:08:19 -0400 (EDT) From: Omachonu Ogali To: Ron 'The InSaNe One' Rosson Cc: ipfilter@coombs.anu.edu.au, freebsd-ipfw@freebsd.org Subject: Re: IPFilter and FTP In-Reply-To: <20000417111203.A43465@lunatic.oneinsane.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG You have to allow incoming connections to port 20. pass in [log body quick - options] proto tcp from any port = 20 to whatever.host.com:XXX.XXX.XXX.XXX port >= 49152 keep frags group NNN I assume you understand the missing ingredients (the N's and X's), if not reply back and I will happily explain. On Mon, 17 Apr 2000, Ron 'The InSaNe One' Rosson wrote: > I have constructed a Firewall using Ipfilter on my FreeBSD 3.4-STABLE > server. It is using ipfilter from the base (3.3.8). I am trying to > configure ipfilter to allow my network to ftp out and also be able for > the internet to be able into my FTP server on my network. I have also > have gone as far as installing fwtk on the box to help with the FTP > issues but to no avail. If anyone has this figured out could you send me > the info on how you got it accomplished. > > TIA > -- +-------------------------------------------------------------------------+ | Omachonu Ogali oogali@intranova.net | | Intranova Networking Group http://tribune.intranova.net | | PGP Key ID: 0xBFE60839 | | PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 | +-------------------------------------------------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message