From owner-freebsd-security@FreeBSD.ORG Thu Sep 2 03:00:06 2004
From: "Pine Ful"
To: freebsd-security@freebsd.org
Date: Thu, 02 Sep 2004 03:00:06 +0000
Subject: Question::page fault::vm:::encrypt and decrypt file data

hi,

Q1: How to produce a page fault?
Q2: How to translate physical memory address into virtual memory address?
Because phys addr is 64 bit and virtual addr is 32 bit.

Q1 description::
I have succeeded to add hook in vfs layer to encrypt file data before write
and decrypt file data after read. Now, when I use cp command, system will
reboot, it seems to be caused by encrypt data whose addr is
uio->uio_iov->iov_base. Is it ok if only I produce a page fault manually?

Q2 description::
I try to decrypt file data when page fault.
I find it's easy to get physical address from virtual address, but when
page fault, kern will page in several pages including page we require, how
can I get virtual memory address of these pages? May I access data in
physical memory directly? If yes, how to translate 64 bit phys addr into
32 bit virt addr?

Thanks!!!!
pine

From owner-freebsd-security@FreeBSD.ORG Thu Sep 2 03:23:40 2004
From: Dave
To: freebsd-security@freebsd.org
Date: Wed, 1 Sep 2004 20:37:52 -0700 (PDT)
Subject: IPFW and icmp

I'm not a master of the internet RFCs, but I do believe icmp messages have
different types.

Now to enable traceroute for IPFW, I might put in a rule like this:

ipfw add pass icmp from any to me

However, how would I make a rule to limit icmp messages to just those used
by traceroute? Can the messages be distinguished as such?

A dynamic rule that exists only for the duration of a traceroute execution
would be even better. I take it 'setup' or 'check-state' would follow in
that case?

From owner-freebsd-security@FreeBSD.ORG Thu Sep 2 03:57:39 2004
From: chip
To: freebsd-security@freebsd.org
Date: Wed, 1 Sep 2004 23:57:38 -0400
Subject: Re: IPFW and icmp

On Wed, 1 Sep 2004 20:37:52 -0700 (PDT), Dave wrote:
>
> I'm not a master of the internet RFCs, but I do believe icmp messages have
> different types.
>
> Now to enable traceroute for IPFW, I might put in a rule like this:
>
> ipfw add pass icmp from any to me
>
> However, how would I make a rule to limit icmp messages to just those used
> by traceroute? Can the messages be distinguished as such?
>
> A dynamic rule that exists only for the duration of a traceroute execution
> would be even better. I take it 'setup' or 'check-state' would follow in
> that case?
>

Dave,

I can't comment much on how to build the exact rules you need, but
you should be made aware that different implementations of traceroute
achieve the results in different ways. Cisco routers and most *nix
boxen use UDP packets while Microsoft stuff uses ICMP. A good guide
to the difference:

http://www.cisco.com/warp/public/105/traceroute.shtml

From a quick google search however, I find the following from:
http://lists.freebsd.org/pipermail/freebsd-security/2004-February/001585.html

# TRACEROUTE - Allow outgoing
${fwcmd} add pass udp from any to any 33434-33523 out via ${oif}

Hope this helps!

--chip

-- 
Just my $.02, your mileage may vary, batteries not included, etc....

From owner-freebsd-security@FreeBSD.ORG Thu Sep 2 06:37:06 2004
From: Peter Pentchev
To: chip
Cc: freebsd-security@freebsd.org
Date: Thu, 2 Sep 2004 09:37:20 +0300
Subject: Re: IPFW and icmp

On Wed, Sep 01, 2004 at 11:57:38PM -0400, chip wrote:
> On Wed, 1 Sep 2004 20:37:52 -0700 (PDT), Dave wrote:
> >
> > I'm not a master of the internet RFCs, but I do believe icmp messages have
> > different types.
> >
> > Now to enable traceroute for IPFW, I might put in a rule like this:
> >
> > ipfw add pass icmp from any to me
> >
> > However, how would I make a rule to limit icmp messages to just those used
> > by traceroute? Can the messages be distinguished as such?
> >
> > A dynamic rule that exists only for the duration of a traceroute execution
> > would be even better. I take it 'setup' or 'check-state' would follow in
> > that case?
>
> Dave,
>
> I can't comment much on how to build the exact rules you need, but
> you should be made aware that different implementations of traceroute
> achieve the results in different ways. Cisco routers and most *nix
> boxen use UDP packets while Microsoft stuff uses ICMP. A good guide
> to the difference:
>
> http://www.cisco.com/warp/public/105/traceroute.shtml
>
> From a quick google search however, I find the following from:
> http://lists.freebsd.org/pipermail/freebsd-security/2004-February/001585.html
>
> # TRACEROUTE - Allow outgoing
> ${fwcmd} add pass udp from any to any 33434-33523 out via ${oif}

I think Dave was a bit more interested in setting up his rules for
*incoming* packets, not the outgoing ones :) No matter which flavor of
traceroute is used, they all depend on receiving 'Time exceeded' ICMP
responses (type 11) - usually 'time exceeded in transit' (type 11, code
0), but allowing all of type 11 should put you on the safe side.

Also, when blocking incoming ICMP requests and replies, please, please,
*please* take care to NOT block type 3 (destination unreachable) -
blocking 'need to fragment' packets (type 3, code 4) is a way to instant
gratification, if your idea of gratification is being a blackhole router
which breaks the Path MTU discovery for any poor soul who decides (or
simply has to) route through you, and for your own outgoing connections,
too.

Other useful ICMP types are 0 (echo/ping reply), 4 (source quench, for
throttling down (usually) TCP connections if some device further down
the path cannot handle the packet rate), 8 (echo/ping request), 30
(Windows traceroute), but you *could* block those without much harm to
the TCP/IP protocol stack, the only thing harmed would be functionality
- e.g. blocking types 0 and 8 would deprive you of pings, blocking type
30 would stop Windows traceroute from working, blocking type 4 would
mean that TCP connections going over a much slower link somewhere down
the line would be additionally slowed down by lots of retransmissions
instead of simply bringing down the packet rate. However, whatever you
block, please don't block type 3 code 4, and better not block any of the
type 3's :)

G'luck,
Peter

-- 
Peter Pentchev  roam@ringlet.net  roam@cnsys.bg  roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If the meanings of 'true' and 'false' were switched, then this sentence
wouldn't be false.
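
[Added example, not part of any message in this thread.] On the question of
whether traceroute's ICMP can be told apart: an ICMP error quotes the IP header
and first 8 bytes of the datagram that triggered it, so the Python below
classifies inbound ICMP by that quote and shows what an 'icmptypes' allow list
would drop. The port range is the one from the rule quoted above; function
names, addresses and sample packets are constructed for illustration.

```python
import struct

# Added example: names, addresses and sample packets are constructed.
PROBE_PORTS = range(33434, 33524)   # UDP ports 33434-33523, from the rule quoted in the thread
UDP, ICMP, TCP = 17, 1, 6


def parse_quoted(data):
    """Parse the original IPv4 header + first 8 payload bytes quoted in an ICMP error."""
    if len(data) < 20 or data[0] >> 4 != 4:
        return None
    ihl = (data[0] & 0x0F) * 4
    if ihl < 20 or len(data) < ihl + 8:
        return None                 # truncated quote: nothing reliable to match on
    proto, l4 = data[9], data[ihl:ihl + 8]
    if proto == UDP:
        return {"proto": UDP, "dport": struct.unpack("!H", l4[2:4])[0]}
    if proto == ICMP:
        return {"proto": ICMP, "type": l4[0]}
    return {"proto": proto}


def classify(msg):
    """Label one inbound ICMP message (bytes starting at the ICMP header)."""
    if len(msg) < 8:
        return "malformed"
    icmp_type, code = msg[0], msg[1]
    if icmp_type == 0:
        return "echo-reply"
    if icmp_type not in (3, 11):
        return "other"
    q = parse_quoted(msg[8:]) or {}
    udp_probe = q.get("proto") == UDP and q.get("dport") in PROBE_PORTS
    echo_probe = q.get("proto") == ICMP and q.get("type") == 8
    if icmp_type == 11:             # time exceeded: one per intermediate hop
        if udp_probe:
            return "traceroute-udp-hop"
        if echo_probe:
            return "traceroute-icmp-hop"
        return "time-exceeded-other"
    if code == 4:                   # need to fragment: Path MTU discovery depends on it
        return "pmtud-need-frag"
    if code == 3 and udp_probe:     # port unreachable: the destination's answer to a UDP probe
        return "traceroute-udp-destination"
    return "unreachable-other"


def dropped_by(allowed_types, messages):
    """Labels of the messages an inbound 'icmptypes' allow list would not admit."""
    return [classify(m) for m in messages if not m or m[0] not in allowed_types]


# --- constructed sample packets (checksums left at zero, documentation addresses) ---
def ip(proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return hdr + payload


def udp_quote(dport):
    return ip(UDP, struct.pack("!HHHH", 40000, dport, 8, 0))


def icmp(icmp_type, code, quoted=b""):
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted


UDP_PROBE = udp_quote(33435)
ECHO_PROBE = ip(ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
TCP_SEGMENT = ip(TCP, struct.pack("!HHI", 50000, 443, 0))
SAMPLES = [
    icmp(11, 0, UDP_PROBE),     # router on the path answering a UDP probe
    icmp(11, 0, ECHO_PROBE),    # router on the path answering an ICMP echo probe
    icmp(3, 3, UDP_PROBE),      # destination host answering a UDP probe
    icmp(3, 4, TCP_SEGMENT),    # need-to-fragment for an ordinary TCP connection
    icmp(0, 0),                 # echo reply
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m[0], m[1], classify(m))
    print("dropped by types 0,11 only:", dropped_by({0, 11}, SAMPLES))
```

Run against the samples, an allow list of types 0 and 11 alone drops both the
need-to-fragment message and the final-hop answer to a UDP traceroute, which is
why type 3 belongs in the list.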

From owner-freebsd-security@FreeBSD.ORG Thu Sep 2 07:32:08 2004
From: Laust Jespersen
To: freebsd-security@freebsd.org
Date: Thu, 02 Sep 2004 09:34:13 +0200
Subject: Re: IPFW and icmp

Peter Pentchev wrote:
> On Wed, Sep 01, 2004 at 11:57:38PM -0400, chip wrote:
>
>>On Wed, 1 Sep 2004 20:37:52 -0700 (PDT), Dave wrote:
>>
>>>I'm not a master of the internet RFCs, but I do believe icmp messages have
>>>different types.
>>>
>>>Now to enable traceroute for IPFW, I might put in a rule like this:
>>>
>>>ipfw add pass icmp from any to me
>>>
>>>However, how would I make a rule to limit icmp messages to just those used
>>>by traceroute? Can the messages be distinguished as such?
>>>
>>>A dynamic rule that exists only for the duration of a traceroute execution
>>>would be even better. I take it 'setup' or 'check-state' would follow in
>>>that case?
>>
>>Dave,
>>
>> I can't comment much on how to build the exact rules you need, but
>>you should be made aware that different implementations of traceroute
>>achieve the results in different ways. Cisco routers and most *nix
>>boxen use UDP packets while Microsoft stuff uses ICMP. A good guide
>>to the difference:
>>
>>http://www.cisco.com/warp/public/105/traceroute.shtml
>>
>>From a quick google search however, I find the following from:
>>http://lists.freebsd.org/pipermail/freebsd-security/2004-February/001585.html
>>
>># TRACEROUTE - Allow outgoing
>>${fwcmd} add pass udp from any to any 33434-33523 out via ${oif}
>
>
> I think Dave was a bit more interested in setting up his rules for
> *incoming* packets, not the outgoing ones :) No matter which flavor of
> traceroute is used, they all depend on receiving 'Time exceeded' ICMP
> responses (type 11) - usually 'time exceeded in transit' (type 11, code
> 0), but allowing all of type 11 should put you on the safe side.
>
> Also, when blocking incoming ICMP requests and replies, please, please,
> *please* take care to NOT block type 3 (destination unreachable) -
> blocking 'need to fragment' packets (type 3, code 4) is a way to instant
> gratification, if your idea of gratification is being a blackhole router
> which breaks the Path MTU discovery for any poor soul who decides (or
> simply has to) route through you, and for your own outgoing connections,
> too.
>
> Other useful ICMP types are 0 (echo/ping reply), 4 (source quench, for
> throttling down (usually) TCP connections if some device further down
> the path cannot handle the packet rate), 8 (echo/ping request), 30
> (Windows traceroute), but you *could* block those without much harm to
> the TCP/IP protocol stack, the only thing harmed would be functionality
> - e.g. blocking types 0 and 8 would deprive you of pings, blocking type
> 30 would stop Windows traceroute from working, blocking type 4 would
> mean that TCP connections going over a much slower link somewhere down
> the line would be additionally slowed down by lots of retransmissions
> instead of simply bringing down the packet rate. However, whatever you
> block, please don't block type 3 code 4, and better not block any of the
> type 3's :)
>
> G'luck,
> Peter
>

Apart from Peter's excellent clarification, let me recommend reading Dru
Lavigne's great article series on ipfw located at onlamp:

http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html
http://www.onlamp.com/pub/a/bsd/2001/05/09/FreeBSD_Basics.html
http://www.onlamp.com/pub/a/bsd/2001/06/01/FreeBSD_Basics.html

I found them very helpful when I started with ipfw.

Best Regards

Laust Jespersen
http://www.ust.dk
======================================================================
Viking Rule of Acquisition 1: Remember where you beached the long ship

From owner-freebsd-security@FreeBSD.ORG Thu Sep 2 17:05:30 2004
From: "Kevin D. Kinsey, DaleCo, S.P."
To: Dave
Cc: freebsd-security@freebsd.org
Date: Thu, 02 Sep 2004 12:05:26 -0500
Subject: Re: IPFW and icmp

Dave wrote:

>I'm not a master of the internet RFCs, but I do believe icmp messages have
>different types.
>
>Now to enable traceroute for IPFW, I might put in a rule like this:
>
>ipfw add pass icmp from any to me
>
>However, how would I make a rule to limit icmp messages to just those used
>by traceroute? Can the messages be distinguished as such?
>

I use, thus far, "allow icmp from any to any icmptypes 0,3,4,8,11". That
includes 'echo request', of course. Someone else may have a better idea.

>A dynamic rule that exists only for the duration of a traceroute execution
>would be even better. I take it 'setup' or 'check-state' would follow in
>that case?
>

Seems likely. *sigh* one more manpage to read.... ;-)

Kevin Kinsey

From owner-freebsd-security@FreeBSD.ORG Fri Sep 3 13:15:38 2004
From: c0ldbyte
To: freebsd-security@freebsd.org
Date: Fri, 3 Sep 2004 09:15:31 -0400 (EDT)
Subject: Re: freebsd-security Digest, Vol 75, Issue 2

On Fri, 3 Sep 2004 freebsd-security-request@freebsd.org wrote:

> Message: 1
> Date: Thu, 02 Sep 2004 12:05:26 -0500
> From: "Kevin D. Kinsey, DaleCo, S.P."
> Subject: Re: IPFW and icmp
> To: Dave
> Cc: freebsd-security@freebsd.org
>
> Dave wrote:
>
>> I'm not a master of the internet RFCs, but I do believe icmp messages have
>> different types.
>>
>> Now to enable traceroute for IPFW, I might put in a rule like this:
>>
>> ipfw add pass icmp from any to me
>>
>> However, how would I make a rule to limit icmp messages to just those used
>> by traceroute? Can the messages be distinguished as such?
>>
>
> I use, thus far, "allow icmp from any to any icmptypes 0,3,4,8,11". That
> includes 'echo request', of course. Someone else may have a better idea.
>
>> A dynamic rule that exists only for the duration of a traceroute execution
>> would be even better. I take it 'setup' or 'check-state' would follow in
>> that case?
>>
> Seems likely. *sigh* one more manpage to read.... ;-)
>
> Kevin Kinsey

You guys should check out this link here for the ICMP types.
http://www.iana.org/assignments/icmp-parameters might help you out a little.

From owner-freebsd-security@FreeBSD.ORG Fri Sep 3 14:58:06 2004
From: u.klann@t-online.de (Uwe Klann)
To: freebsd-security@freebsd.org
Date: Fri, 03 Sep 2004 16:57:37 +0200
Subject: submission

From owner-freebsd-security@FreeBSD.ORG Sat Sep 4 05:52:49 2004
From: Zoran Kolic
To: freebsd-security@freebsd.org
Date: Sat, 4 Sep 2004 07:50:40 +0200
Subject: Re: ipfw rules or something alike

> I use, thus far, "allow icmp from any to any icmptypes 0,3,4,8,11". That
> includes 'echo request', of course. Someone else may have a better idea.

You want to be pinged? Why don't you let something
in and something out? I.e.:

add 10000 allow icmp from any to any icmptypes 8 out
add 10100 allow icmp from any to any icmptypes 0 in
add 10200 allow icmp from any to any icmptypes 11 in

What kind of comp you wanna configure?
Best regards

ZK

From owner-freebsd-security@FreeBSD.ORG Sat Sep 4 18:44:27 2004
Date: Sat, 04 Sep 2004 14:44:20 -0400
To: freebsd-security@freebsd.org
From: "Jean M. Vandette"
Subject: IPFW PULLUP Failed

Greetings all

I keep getting the message on the console "IPFW pullup failed"

I cannot seem to find out what it means or how to correct it any help
would be of great help. I'm running FreeBSD 5.1-RELEASE-p17

Thank you in advance.

Jean M. Vandette

SecureNet Information Services Inc.   100 Alexis Nihon Blvd., Suite 283
(514) 744-4242 Vox (514) 744-1552 Fax   St. Laurent, Quebec H4M 2N7
Providing Quality Public Internet access since 1994

From owner-freebsd-security@FreeBSD.ORG Sat Sep 4 19:36:07 2004
From: Chuck Swiger
To: "Jean M. Vandette"
Cc: freebsd-security@freebsd.org
Date: Sat, 04 Sep 2004 15:35:50 -0400
Subject: Re: IPFW PULLUP Failed

Jean M. Vandette wrote:
> Greetings all
>
> I keep getting the message on the console "IPFW pullup failed"
>
> I cannot seem to find out what it means or how to correct it any help
> would be of great help. I'm running FreeBSD 5.1-RELEASE-p17

This is probably the wrong list for the question, but the message means that
IPFW saw a very short/invalid network packet, one so short that there was not
enough information to create a more useful log entry. If you're seeing lots of
them, it may be a result of failing network hardware or a cabling glitch.

-- 
-Chuck