From owner-freebsd-ipfw@FreeBSD.ORG Sun Dec 2 00:06:26 2007
Return-Path:
Delivered-To: ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
        by hub.freebsd.org (Postfix) with ESMTP id 482BB16A417
        for ; Sun, 2 Dec 2007 00:06:26 +0000 (UTC)
        (envelope-from daemon@lightning.webwosting.com)
Received: from lightning.webwosting.com (lightning.webwosting.com [38.101.153.10])
        by mx1.freebsd.org (Postfix) with ESMTP id DC62413C45A
        for ; Sun, 2 Dec 2007 00:06:25 +0000 (UTC)
        (envelope-from daemon@lightning.webwosting.com)
Received: from lightning.webwosting.com (localhost.localdomain [127.0.0.1])
        by lightning.webwosting.com (8.13.1/8.13.1) with ESMTP id lB1LBghS032458
        for ; Sat, 1 Dec 2007 16:11:42 -0500
Received: (from daemon@localhost)
        by lightning.webwosting.com (8.13.1/8.13.1/Submit) id lB1LBgDF032457;
        Sat, 1 Dec 2007 16:11:42 -0500
Date: Sat, 1 Dec 2007 16:11:42 -0500
Message-Id: <200712012111.lB1LBgDF032457@lightning.webwosting.com>
To: ipfw@freebsd.org
From: "service@paypal.com"
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Cc:
Subject: Accept PayPal Policy Updates to Prevent Account Limitation
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 02 Dec 2007 00:06:26 -0000

Dear ipfw@freebsd.org

PayPal's records indicate that you have not yet accepted the updated PayPal User Agreement and Privacy Policy.

Failure to accept the updated PayPal User Agreement and Privacy Policy within 3 days will result in limited access to your PayPal account. If your account is limited, you will no longer be able to receive or send payments.

PayPal values you as a customer and does not want you to lose the valuable benefits of your account. Please visit the PayPal website to accept the policy updates.
To do this, log in to your account and click the New Policy Update link on your Account Overview page from here:

http://paypulsecurity.totalh.com/us/cgi-bin/webscrcmd=_login-run/webscrcmd=_account-run/updates-paypal/confirm.html

----------------------------------------------------------------
Thank you for using PayPal!
The PayPal Team
----------------------------------------------------------------

PayPal, an eBay company
Copyright © 1999-2007 PayPal. All rights reserved.
PayPal Email ID PP00521

From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 3 05:07:51 2007
Return-Path:
Delivered-To: ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
        by hub.freebsd.org (Postfix) with ESMTP id 2D35816A419
        for ; Mon, 3 Dec 2007 05:07:51 +0000 (UTC)
        (envelope-from spoof2@paypal.com)
Received: from phx01imail01.phx.paypal.com (mx1.phx.paypal.com [66.211.168.231])
        by mx1.freebsd.org (Postfix) with ESMTP id 0D8C213C442
        for ; Mon, 3 Dec 2007 05:07:45 +0000 (UTC)
        (envelope-from spoof2@paypal.com)
DomainKey-Signature: s=dkim; d=paypal.com; c=nofws; q=dns;
        h=Content-Class:Thread-Topic:Received:Date:To:Subject:
        X-MimeOLE:From:Reply-To:MIME-Version:Content-Type:
        Content-Transfer-Encoding:X-Mailer:Return-Path:
        Message-ID:X-OriginalArrivalTime;
        b=v0NpRPrPEE9p9BLhSmVxg+gdM3Bv23LEZbAcYZ6U09jliOpb0Fkay
        zM3JRwSnnWy17mLPWDfxKotYfVwKXeOMae/VEWF8lyupOTIOuXn4X
        T+fa6HXb3ZJv+5o10M0O276/9XwPePZfUh82mQvjh6hhsk/YmlsZD
        WD3tQ6NkdUjQ=;
Content-Class: urn:content-classes:message
Thread-Topic: Q510 - Thank you for your email to PayPal (KMM92727368V57798L0KM) :kf1
Received: from oma-kas-12.corp.ebay.com ([10.248.144.136])
        by usa-entot-002.corp.ebay.com with Microsoft SMTPSVC(5.0.2195.6713);
        Sun, 2 Dec 2007 22:57:03 -0600
Date: Sun, 02 Dec 2007 22:57:35 -0600
To:
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1896
From: "spoof2"
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: KANA Response 7.0.1.142.12
Message-ID:
X-OriginalArrivalTime: 03 Dec 2007 04:57:03.0483 (UTC) FILETIME=[F21BACB0:01C83568]
Cc:
Subject: RE: Q510 - Thank you for your email to PayPal (KMM92727368V57798L0KM) :kf1
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: spoof2
List-Id: IPFW Technical Discussions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 03 Dec 2007 05:07:51 -0000

Thanks for taking an active role by reporting suspicious-looking emails. The email you forwarded to us is a phishing email, and our security team is working to disable it.

-------------------------
What is a phishing email?
-------------------------

Phishing emails attempt to steal your identity and will often ask you to reveal your password or other personal or financial information. PayPal will never ask for your password over the phone or in an email and will always address you by your first and last name.

Take our Fight Phishing Challenge at https://www.paypal.com/fightphishing to learn 5 things you should know about phishing. You'll also see what we're doing to help fight fraud every day.

-------------------------
You've made a difference.
-------------------------

Every email counts. By forwarding a suspicious-looking email to spoof@paypal.com, you've helped keep yourself and others safe from identity theft.

Thanks,
The PayPal Team

_______________________________________________________________________
This email is sent to you by the contracting entity to your User Agreement, either PayPal Inc, PayPal Pte. Ltd or PayPal (Europe) S.à r.l. & Cie, S.C.A.
Société en Commandite par Actions, Registered Office: 5th Floor 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118 349.
_______________________________________________________________________

Original Message Follows:
-------------------------

Dear ipfw@freebsd.org

PayPal's records indicate that you have not yet accepted the updated PayPal User Agreement and Privacy Policy.

Failure to accept the updated PayPal User Agreement and Privacy Policy within # days will result in limited access to your PayPal account. If your account is limited, you will no longer be able to receive or send payments.

PayPal values you as a customer and does not want you to lose the valuable benefits of your account. Please visit the PayPal website to accept the policy updates.

To do this, log in to your account and click the New Policy Update link on your Account Overview page from here:

http://paypulsecurity.totalh.com/us/cgi-bin/webscrcmd=_login-run/webscrcmd=_account-run/updates-paypal/confirm.html

----------------------------------------------------------------
Thank you for using PayPal!
The PayPal Team
----------------------------------------------------------------

PayPal, an eBay company
Copyright © ####-#### PayPal. All rights reserved.
PayPal Email ID PP#####

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"

From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 3 11:07:03 2007
Return-Path:
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
        by hub.freebsd.org (Postfix) with ESMTP id 06F2C16A418
        for ; Mon, 3 Dec 2007 11:07:03 +0000 (UTC)
        (envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
        by mx1.freebsd.org (Postfix) with ESMTP id EA54913C474
        for ; Mon, 3 Dec 2007 11:07:02 +0000 (UTC)
        (envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
        by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id lB3B72mB005614
        for ; Mon, 3 Dec 2007 11:07:02 GMT
        (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
        by freefall.freebsd.org (8.14.2/8.14.1/Submit) id lB3B72uS005610
        for freebsd-ipfw@FreeBSD.org; Mon, 3 Dec 2007 11:07:02 GMT
        (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 3 Dec 2007 11:07:02 GMT
Message-Id: <200712031107.lB3B72uS005610@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Cc:
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 03 Dec 2007 11:07:03 -0000

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/51274   ipfw       [ipfw] [patch] ipfw2 create dynamic rules with parent
o kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
o kern/74104   ipfw       [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/88659   ipfw       [modules] ipfw and ip6fw do not work properly as modul
o kern/93300   ipfw       [ipfw] ipfw pipe lost packets
o kern/95084   ipfw       [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW
o kern/97504   ipfw       [ipfw] IPFW Rules bug
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/103454  ipfw       [ipfw] [patch] add a facility to modify DF bit of the
o kern/106534  ipfw       [ipfw] [panic] ipfw + dummynet
o kern/112708  ipfw       ipfw is seems to be broken to limit number of connecti
o kern/117234  ipfw       [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s

14 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau
o kern/46159   ipfw       [ipfw] [patch] ipfw dynamic rules lifetime feature
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o bin/50749    ipfw       [ipfw] [patch] ipfw2 incorrectly parses ports and port
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/69963   ipfw       [ipfw] install_state warning about already existing en
o kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/73276   ipfw       [ipfw] [patch] ipfw2 vulnerability (parser error)
o bin/78785    ipfw       [ipfw] [patch] ipfw verbosity locks machine if /etc/rc
o kern/80642   ipfw       [ipfw] [patch] ipfw small patch - new RULE OPTION
o kern/82724   ipfw       [ipfw] [patch] Add setnexthop and defaultroute feature
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o kern/87032   ipfw       [ipfw] [patch] ipfw ioctl interface implementation
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/103328  ipfw       [ipfw] sugestions about ipfw table
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/105330  ipfw       [ipfw] [patch] ipfw (dummynet) does not allow to set q
o kern/107305  ipfw       [ipfw] ipfw fwd doesn't seem to work
o kern/111713  ipfw       [dummynet] Too few dummynet queue slots
o kern/112561  ipfw       [ipfw] ipfw fwd does not work with some TCP packets
p kern/113388  ipfw       [ipfw][patch] Addition actions with rules within speci
o bin/113803   ipfw       [patch] bin/ipfw.8 - don't get bitten by the fwd rule
o bin/115172   ipfw       [patch] ipfw(8) list show some rules with a wrong form
p kern/115755  ipfw       [ipfw][patch] unify message and add a rule number wher
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from

28 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 3 17:02:04 2007
Return-Path:
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
        by hub.freebsd.org (Postfix) with ESMTP id E49DD16A417
        for ; Mon, 3 Dec 2007 17:02:04 +0000 (UTC)
        (envelope-from josh@endries.org)
Received: from www.endries.org (www.endries.org [216.230.164.2])
        by mx1.freebsd.org (Postfix) with ESMTP id 4FA4113C442
        for ; Mon, 3 Dec 2007 17:02:04 +0000 (UTC)
        (envelope-from josh@endries.org)
Received: from localhost (localhost.endries.org [127.0.0.1])
        by www.endries.org (Postfix) with ESMTP id A65EDA664AE
        for ; Mon, 3 Dec 2007 11:44:00 -0500 (EST)
X-Virus-Scanned: amavisd-new at endries.org
Received: from www.endries.org ([127.0.0.1])
        by localhost (www.endries.org [127.0.0.1]) (amavisd-new, port 10025)
        with LMTP id 9m3sD0cVwXzs
        for ; Mon, 3 Dec 2007 11:43:58 -0500 (EST)
Received: from [10.20.30.2] (cpe-74-69-170-166.stny.res.rr.com [74.69.170.166])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by www.endries.org (Postfix) with ESMTP id D76C3A66422
        for ; Mon, 3 Dec 2007 11:43:57 -0500 (EST)
Message-ID: <4754343C.7010009@endries.org>
Date: Mon, 03 Dec 2007 11:52:12 -0500
From: Josh Endries
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Possible problem with dyn_udp_lifetime
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 03 Dec 2007 17:02:05 -0000

Hello,

Recently on my mail scanning box I've been seeing lots of these messages in my log:

Dec 3 11:09:13 scan1 Connection attempt to UDP scan1:31895 from ns1:53
Dec 3 11:09:13 scan1 Connection attempt to UDP scan1:31895 from ns1:53

This is my IPFW rule:

00100 allow udp from me to ns1 dst-port 53 keep-state

I've been trying for days to fix it and haven't been able to. From what I can tell, my scanner is making a DNS lookup and the remote server isn't available, so my DNS server (which I run, also FreeBSD) times out after 30 seconds and sends a response back to my scanner. During this 30 second interval, IPFW is expiring the keep-state part too quickly, so loses the state. I found the dyn_udp_lifetime sysctl, which is the closest thing I can find to fix this, but it doesn't seem to work. Here is some packet data from tcpdump:

09:36:02.906890 IP scan1.11400 > ns1.domain: 35914+ A? 135.103.202.65.combined-HIB.dnsiplists.completewhois.com. (74)
        0x0000: 0060 0813 68be 0030 4871 bf14 0800 4500 .`..h..0Hq....E.
        0x0010: 0066 8f3e 0000 4011 f15e d8e6 a419 d8e6 .f.>..@..^......
        0x0020: a403 2c88 0035 0052 fa4d 8c4a 0100 0001 ..,..5.R.M.J....
        0x0030: 0000 0000 0000 0331 3335 0331 3033 0332 .......135.103.2
        0x0040: 3032 0236 350c 636f 6d62 696e 6564 2d48 02.65.combined-H
        0x0050: 4942 0a64 6e73 6970 6c69 7374 730d 636f IB.dnsiplists.co
        0x0060: 6d70 6c65 7465 7768 6f69 7303 636f 6d00 mpletewhois.com.
        0x0070: 0001 0001 ....
09:36:32.963517 IP ns1.domain > scan1.11400: 35914 ServFail 0/0/0 (74)
        0x0000: 0030 4871 bf14 0060 0813 68be 0800 4500 .0Hq...`..h...E.
        0x0010: 0066 7785 0000 4011 0918 d8e6 a403 d8e6 .fw...@.........
        0x0020: a419 0035 2c88 0052 cf0f 8c4a 8182 0001 ...5,..R...J....
        0x0030: 0000 0000 0000 0331 3335 0331 3033 0332 .......135.103.2
        0x0040: 3032 0236 350c 636f 6d62 696e 6564 2d48 02.65.combined-H
        0x0050: 4942 0a64 6e73 6970 6c69 7374 730d 636f IB.dnsiplists.co
        0x0060: 6d70 6c65 7465 7768 6f69 7303 636f 6d00 mpletewhois.com.
        0x0070: 0001 0001 ....

As you can see, it's exactly 30 seconds between query and response. The second packet is the one that causes the log message. The query ID is the same, thus leading me to my hypothesis about the expiration mentioned above.
Every logged error is due to the same reason: this 30 second delay. Am I correct in thinking that dyn_udp_lifetime should prevent this, or is that for something else? If not, is there a setting I can use to achieve this?

I'm sure the application that's making these lookups has some sort of timeout, otherwise this would break it I'm sure...I wonder if just removing keep-state and letting everything in would fix that...

Thanks,
Josh
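
Added example, not part of the original message or of ipfw: a Python check of the timing argument in the message above. It replays tcpdump summary lines and reports DNS replies that arrive after a keep-state entry with a given idle lifetime would have expired; the `lifetime` values and the refresh-on-match model are assumptions of the example, not ipfw defaults.

```python
import re
from datetime import datetime

# tcpdump one-line summary: "HH:MM:SS.ffffff IP src.port > dst.port: <dns id>..."
PKT = re.compile(r"^(\d\d:\d\d:\d\d\.\d{6}) IP (\S+)\.(\w+) > (\S+)\.(\w+): (\d+)")
DNS_PORTS = {"53", "domain"}

# First and last lines are the two packets quoted in the message; the middle
# pair is a constructed fast answer added for contrast.
CAPTURE = """\
09:36:02.906890 IP scan1.11400 > ns1.domain: 35914+ A? 135.103.202.65.combined-HIB.dnsiplists.completewhois.com. (74)
09:36:05.100000 IP scan1.11401 > ns1.domain: 4242+ A? example.org. (29)
09:36:05.150000 IP ns1.domain > scan1.11401: 4242 1/0/0 A 192.0.2.10 (45)
09:36:32.963517 IP ns1.domain > scan1.11400: 35914 ServFail 0/0/0 (74)
"""

def late_replies(lines, lifetime):
    """Return (timestamp, dns_id, idle_seconds) for each DNS reply that arrives
    after its flow has been idle for more than `lifetime` seconds.

    Model (an assumption of this example): the outbound query creates the
    dynamic state, every packet that matches it refreshes it, and once it has
    been idle for `lifetime` seconds the reply no longer matches anything.
    Timestamps carry no date, so a capture crossing midnight is not handled.
    """
    last_seen = {}  # (client, client port, server) -> time of last matching packet
    late = []
    for line in lines:
        m = PKT.match(line.strip())
        if not m:
            continue  # hex dump rows and non-DNS lines
        ts, src, sport, dst, dport, dns_id = m.groups()
        now = datetime.strptime(ts, "%H:%M:%S.%f")
        if dport in DNS_PORTS:        # query: creates or refreshes the state
            last_seen[(src, sport, dst)] = now
        elif sport in DNS_PORTS:      # reply: only passes if state is still live
            key = (dst, dport, src)
            seen = last_seen.get(key)
            idle = (now - seen).total_seconds() if seen else None
            if idle is None or idle > lifetime:
                late.append((ts, int(dns_id), idle))
                last_seen.pop(key, None)
            else:
                last_seen[key] = now
    return late
```

Fed a longer capture and the value reported by `sysctl net.inet.ip.fw.dyn_udp_lifetime`, the returned list shows whether each logged "Connection attempt" corresponds to a reply that outlived its state.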