From owner-freebsd-security Fri Dec 14 14:42:11 2001
Delivered-To: freebsd-security@freebsd.org
Received: from harrier.prod.itd.earthlink.net (harrier.mail.pas.earthlink.net [207.217.120.12])
	by hub.freebsd.org (Postfix) with ESMTP id BE4A837B41B
	for ; Fri, 14 Dec 2001 14:42:04 -0800 (PST)
Received: from dialup-209.245.137.160.dial1.sanjose1.level3.net ([209.245.137.160] helo=blossom.cjclark.org)
	by harrier.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16F11h-0001ny-00; Fri, 14 Dec 2001 14:41:58 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fBEMfrU04526;
	Fri, 14 Dec 2001 14:41:53 -0800 (PST)
	(envelope-from cjc)
Date: Fri, 14 Dec 2001 14:41:53 -0800
From: "Crist J . Clark"
To: endrju
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw+syn
Message-ID: <20011214144153.A3473@blossom.cjclark.org>
References: <005d01c183f8$2932aec0$8241949f@TRDC> <20011213130508.A20968@mail.slc.edu> <20011213131120.A21111@mail.slc.edu> <016001c18402$bd795110$8241949f@TRDC> <001601c18403$373ff030$5e3bad86@boredom> <005d01c184a4$a6aeefb0$8241949f@TRDC>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <005d01c184a4$a6aeefb0$8241949f@TRDC>; from endrju@mail.lv on Fri, Dec 14, 2001 at 03:38:44PM +0200
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Fri, Dec 14, 2001 at 03:38:44PM +0200, endrju wrote:
> ...# ipfw -a list
> 00100 0 0 allow ip from any to any frag
> 00200 419 44610 allow ip from any to any
> 65535 884 92423 deny ip from any to any
>
> but anyway:
>
> su-2.04# nmap -sS -f aaa.bbb.ccc.ddd
> Starting nmap V. 2.53 by fyodor@insecure.org (www.insecure.org/nmap/ )
> sendto in send_syn_fragz: Permission denied

It's clear that ipfw(8) is blocking these.
Your command line will work fine on a FreeBSD machine without ipfw(8) running. I'll see if I can figure out exactly where it is dropping these.

-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark | cjclark@alum.mit.edu
               | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message