Hello,
On 11/11/06, Daniel Hartmeier <daniel benzedrine.cx> wrote:
>
> These are caused by an off-by-one in pf's state tracking for one special
> case: when an RST is sent during the handshake (i.e. SYN, SYN+ACK, RST),
> pf compares the sequence number in the RST exactly, and is off by one,
> blocking the RST.
>
> This is recognizable by the strange "State failure on:" line with no
> digits (the digit(s) indicate the reason why the state match failed, in
> this specific case, and this case only, there is no digit printed).
>
> It was recently fixed in OpenBSD, IIRC post-4.0. The fix is easy to
> port. But I have to wonder why this shows up repeatedly just now.
>
> Who are those clients aborting their handshake with RST, and why are
> they doing it? If the RST is properly passed, it's not like you end up
> with a working connection, it's aborted. And if they don't intend to
> complete the handshake, why start it? Some silly form of port scanning?
> WTF?
>
> Daniel
>
The clients are users of FreeBSD, KDE and Mozilla Firefox.
So I guess it is harmless? Am I the only one to have this issue? I
did not find much about it.
I think I should have started two threads, another one for the
FTP/pftpx problem, silly me.
Thank you both!
--
Kimi
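As an added illustration, not pf's code and not part of this thread: a toy state tracker that replays SYN, SYN+ACK, RST and shows why an exact compare on the RST's sequence number blocks a legitimate abort. Which way pf's real comparison was off is not stated above; the model assumes the RST was checked against the SYN's own sequence number instead of ISN+1 (a SYN consumes one sequence number), and the reason digits in the log lines are constructed.

```python
SYN, RST, ACK = 0x02, 0x04, 0x10


class HandshakeTracker:
    """Toy state tracker for one flow: client SYN, server SYN+ACK, client RST.
    A SYN consumes one sequence number, so the first segment a host sends after
    its SYN carries seq == isn + 1. exact_rst_compare=True models the off-by-one:
    the RST's seq is compared against the SYN's own seq instead of isn + 1."""

    def __init__(self, exact_rst_compare=False):
        self.exact_rst_compare = exact_rst_compare
        self.client_isn = None
        self.server_isn = None
        self.log = []  # "State failure on: <reason>" lines, format per the thread

    def from_client(self, flags, seq, ack=0):
        if flags == SYN and self.client_isn is None:
            self.client_isn = seq  # remember the client's ISN
            return True
        if flags & RST and self.server_isn is not None:
            expected = self.client_isn + (0 if self.exact_rst_compare else 1)
            if seq == expected:
                return True
            self.log.append("State failure on: ")  # no reason digit in this one case
            return False
        self.log.append("State failure on: 1")  # reason digits here are constructed
        return False

    def from_server(self, flags, seq, ack=0):
        if flags == SYN | ACK and self.client_isn is not None and ack == self.client_isn + 1:
            self.server_isn = seq
            return True
        self.log.append("State failure on: 2")
        return False


def aborted_handshake(exact_rst_compare):
    """Replay SYN, SYN+ACK, RST with constructed ISNs; return verdicts and log."""
    t = HandshakeTracker(exact_rst_compare)
    c_isn, s_isn = 1000, 5000  # constructed sample values
    verdicts = [
        t.from_client(SYN, seq=c_isn),
        t.from_server(SYN | ACK, seq=s_isn, ack=c_isn + 1),
        t.from_client(RST | ACK, seq=c_isn + 1, ack=s_isn + 1),  # client aborts
    ]
    return verdicts, t.log
```

With the exact compare the third verdict is a block and the log carries the digit-less "State failure on: " line; with the ISN+1 check the RST passes and the handshake is cleanly aborted.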
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribe freebsd.org"