 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
16 messages in edu.merit.nanogRe: impossible circuit| From | Sent On | Attachments |
|---|---|---|
| Jon Lewis | Aug 10, 2008 8:15 pm | |
| George Carey | Aug 10, 2008 10:24 pm | |
| Laurence F. Sheldon, Jr. | Aug 11, 2008 6:27 am | |
| Justin Shore | Aug 11, 2008 1:16 pm | |
| Jay R. Ashworth | Aug 11, 2008 1:22 pm | |
| list...@pwns.ms | Aug 12, 2008 4:36 am | |
| Jon Lewis | Aug 12, 2008 7:37 am | |
| Andy Johnson | Aug 13, 2008 7:41 am | |
| Justin Shore | Aug 13, 2008 9:02 am | |
| Jon Lewis | Aug 13, 2008 9:29 am | |
| Andy Johnson | Aug 13, 2008 11:27 am | |
| Jared Mauch | Aug 13, 2008 11:33 am | |
| Jon Lewis | Aug 16, 2008 11:07 pm | |
| list...@pwns.ms | Aug 16, 2008 11:36 pm | |
| Jay Hennigan | Aug 16, 2008 11:56 pm | |
| Paul Wall | Aug 18, 2008 1:46 pm |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: impossible circuit | Actions... |
|---|---|---|
| From: | Jay R. Ashworth (jr...@baylink.com) | |
| Date: | Aug 11, 2008 1:22:05 pm | |
| List: | edu.merit.nanog | |
On Mon, Aug 11, 2008 at 03:17:18PM -0500, Justin Shore wrote:
The OS X update I applied was the one that installed a host-based firewall. The update automatically turned on the FW and permitted all local servers that were configured to run, in my case SSH, with everything else being denied. The FW on the OS X box normally wouldn't see packets not destined for it until you put a nic in promisc mode such as what happens when you run EtherPeek. The OS X box's FW was getting hits from traffic denied by it's ACL and was sending TCP RSTs faster than hosts on the 'Net could respond. It did this for everything except SSH which it permitted (but higher up the IP stack it ignored because the IP packet was address to the local box).
This isn't in any way related to the problem at hand but it does demonstrate that weird things happen when devices in unusual places flood out all ports.
And this explains why in Bellovin's Wily Hacker book, there's an anecdote about a sniffer machine on which they had to *physically cut the transmit wire* because they could *not* get the machine to not... do something. ARP queries?
Cheers, -- jra
-- Jay R. Ashworth Baylink jr...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin)