From owner-freebsd-security Wed Jul 4 0:52:28 2001
Date: Wed, 4 Jul 2001 00:25:34 -0700
From: "Crist J. Clark"
To: Ralph Huntington
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: firewall question
Message-ID: <20010704002534.D1476@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20010702192720.P17514@speedy.gsinet>

On Tue, Jul 03, 2001 at 10:45:27AM -0400, Ralph Huntington wrote:
> The dmesg command shows a lot of these:
>
> ipfw: -1 Refuse TCP W.X.Y.Z:0 A.B.C.D:0 in via fxp0
> ipfw: -1 Refuse TCP S.T.U.V:0 A.B.C.D:0 in via fxp0
>
> (The uppercase letters represent the ip addresses)
>
> There are no rules in ipfw blocking packets from addresses W.X.Y.Z or
> S.T.U.V to host A.B.C.D. Can someone tell me what is going on here?

FINE POINTS
     o   There is one kind of packet that the firewall will always discard,
         that is a TCP packet's fragment with a fragment offset of one.
         This is a valid packet, but it only has one use, to try to
         circumvent firewalls. When logging is enabled, these packets are
         reported as being dropped by rule -1.

-- 
Crist J. Clark                           cjclark@alum.mit.edu
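
The check described in the reply above, written out as an added example; it is not part of the original message and is not ipfw's own source. The function name and the sample headers are constructed for illustration. The IPv4 fragment offset is counted in 8-byte units, so an offset of one means the fragment's data begins at byte 8 of the TCP header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_TCP      6       /* IANA protocol number for TCP */
#define IP_OFFSET_MASK 0x1fff  /* low 13 bits of the flags/offset word */

/* Returns 1 if buf holds an IPv4 header for a TCP fragment whose offset
 * is one (8-byte units), 0 if it does not, and -1 if the header is
 * truncated or is not IPv4. Hypothetical helper, not an ipfw function. */
int is_offset_one_tcp_fragment(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 20)
        return -1;                        /* shorter than a minimal header */
    if ((buf[0] >> 4) != 4)
        return -1;                        /* not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return -1;                        /* bad or truncated header length */
    uint16_t off_word = (uint16_t)((buf[6] << 8) | buf[7]);
    uint16_t frag_off = off_word & IP_OFFSET_MASK;
    return buf[9] == PROTO_TCP && frag_off == 1;
}

/* Constructed sample headers: documentation addresses, checksum left zero. */
static const uint8_t sample_tcp_offset_one[20] = {   /* TCP, offset 1 */
    0x45, 0x00, 0x00, 0x1c, 0x12, 0x34, 0x00, 0x01, 0x40, 0x06,
    0x00, 0x00, 192, 0, 2, 1, 198, 51, 100, 7 };
static const uint8_t sample_tcp_whole[20] = {        /* TCP, DF set, offset 0 */
    0x45, 0x00, 0x00, 0x28, 0x12, 0x35, 0x40, 0x00, 0x40, 0x06,
    0x00, 0x00, 192, 0, 2, 1, 198, 51, 100, 7 };
static const uint8_t sample_udp_offset_one[20] = {   /* UDP, offset 1 */
    0x45, 0x00, 0x00, 0x1c, 0x12, 0x36, 0x00, 0x01, 0x40, 0x11,
    0x00, 0x00, 192, 0, 2, 1, 198, 51, 100, 7 };

int main(void)
{
    printf("tcp offset 1: %d\n",
           is_offset_one_tcp_fragment(sample_tcp_offset_one, 20));
    printf("tcp whole:    %d\n",
           is_offset_one_tcp_fragment(sample_tcp_whole, 20));
    printf("udp offset 1: %d\n",
           is_offset_one_tcp_fragment(sample_udp_offset_one, 20));
    return 0;
}
```

Only the first sample matches; an unfragmented TCP packet and a non-TCP fragment at the same offset do not, which is consistent with the log entries in the question all being TCP.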