Date: Sat, 18 Jul 1998 18:22:07 -0500 (CDT) From: Alex Nash <nash@mcs.net> To: andrew@squiz.co.nz Cc: maillist@oaks.com.au, freebsd-security@FreeBSD.ORG Subject: Re: rc.firewall (was Re: Large-scale scan of SNMP ports) Message-ID: <199807182322.SAA27596@nash.pr.mcs.net> In-Reply-To: <Pine.BSF.3.96.980719082909.3806A-100000@aniwa.sky>
next in thread | previous in thread | raw e-mail | index | archive | help
On 19 Jul, Andrew McNaughton wrote: > Can anyone explain this... Took place within a second while I've been > writing this, repeated 2 minutes later. yy.yy.yy.yy is a distant remote > host > > ipfw: 40000 Accept ICMP:8.0 yy.yy.yy.yy xx.xx.xx.xx in via de0 > ipfw: 40000 Accept ICMP:166.79 yy.yy.yy.yy xx.xx.xx.xx in via de0 Fragment = 69 > ipfw: 40010 Accept ICMP:0.0 xx.xx.xx.xx yy.yy.yy.yy out via de0 > > > Is the 79 in the middle line the port number of a fragmented packet? This is a bug, the ICMP type and subtype should not be displayed for this fragmented packet (the information isn't present). I'll commit a fix for this shortly. Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807182322.SAA27596>