Date: Sun, 17 May 1998 14:00:49 -0500 (CDT)
From: Charlie Root <root@ftp1.mfn.org>
To: freebsd-questions@FreeBSD.ORG
Subject: Possible bug in IPFW
Message-ID: <199805171900.OAA07502@ftp1.mfn.org>

As everyone on this list knows, we've been playing with IPFW pretty intensely over the last couple of days. Having finalized our rule sets, we went about a stress-test (sans appreciable load) yesterday. Here is the basic outline:

(1) Rulesets. Allow this, that, blah, blah, blah...

(2) Final rule:

    65500 deny log all from any to any

So we bring up the filter machine, and start attacking it:

(3) First (and last, it turns out), we scan it twice, first on port 1080, and second on port 23 (don't ask why these ports, it's a long story). The scan consists of attempting to establish connections (i.e., *not* a "stealth" scanner) at each address of our IP blocks.

About halfway through the "23 series" of scans (which would make it about 750 connections attempted), it ceased logging (forever!) with the following message:

    May 17 00:39:21 attackme /kernel: ipfw: 65500 Deny TCP x.x.x.x:1065 me.me.me.me:23 in via de3

I have checked for disk space, which AFAIK has never exceeded 50% usage on any slice, and sure enough, the top user of space was at a mere 45%. /var is at 3%.

Except for the fact that it is no longer logging, it appears to be ok: cron is running and doing its thing, it succeeded in backing itself up last night, and it still appears to be filtering, although *without* logging bad packets.

Should I be forwarding this to the bugs list, or have I missed something very basic here?

TIA

J.A. Terranson
sysadmin@mfn.org

A small fading light in a vast and obscure universe.

SUPPORT YOUR RIGHT TO PRIVACY: ENCRYPT!