North American Network Operators Group

Re: impossible circuit
On Mon, Aug 11, 2008 at 03:17:18PM -0500, Justin Shore wrote:
> The OS X update I applied was the one that installed a host-based
> firewall. The update automatically turned on the FW and permitted all
> local servers that were configured to run, in my case SSH, with
> everything else being denied. The FW on the OS X box normally wouldn't
> see packets not destined for it until you put a NIC in promisc mode such
> as what happens when you run EtherPeek. The OS X box's FW was getting
> hits from traffic denied by its ACL and was sending TCP RSTs faster
> than hosts on the 'Net could respond. It did this for everything except
> SSH which it permitted (but higher up the IP stack it ignored because
> the IP packet was addressed to the local box).
>
> This isn't in any way related to the problem at hand but it does
> demonstrate that weird things happen when devices in unusual places
> flood out all ports.

And this explains why in Bellovin's Wily Hacker book, there's an anecdote
about a sniffer machine on which they had to *physically cut the transmit
wire* because they could *not* get the machine to not... do something.
ARP queries?

Cheers,
-- jra
--
Jay R. Ashworth                   Baylink                      [email protected]
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

  Those who cast the vote decide nothing.
  Those who count the vote decide everything.
    -- (Josef Stalin)
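The failure mode Justin describes above (a host firewall that sees other hosts' traffic only because the NIC is in promiscuous mode, and answers that traffic with TCP RSTs) leaves a recognisable signature on the wire: RST segments whose source IP belongs to the real server but whose Ethernet source MAC belongs to the sniffer box. The following is an added example, not code from this thread or from any product mentioned in it. It runs a simple IP-to-MAC consistency check over constructed frame records (the record layout, addresses and MACs are all invented for the illustration) and reports any MAC that sends resets on behalf of an IP that some other MAC owns.

```python
from collections import defaultdict

# Constructed sample frames standing in for a packet capture; no real traffic.
# Each record holds the fields a sniffer would pull from one Ethernet/IP/TCP frame.
SAMPLE_FRAMES = [
    # Client 192.0.2.10 opens a connection to the web server 198.51.100.5.
    {"src_mac": "02:00:00:00:00:0a", "src_ip": "192.0.2.10",   "dst_ip": "198.51.100.5", "flags": "S"},
    # The real server (MAC ...:05) answers with SYN/ACK.
    {"src_mac": "02:00:00:00:00:05", "src_ip": "198.51.100.5", "dst_ip": "192.0.2.10",   "flags": "SA"},
    # A third box (MAC ...:99) also "answers", with a RST carrying the server's IP as
    # source: what a host firewall does when it reacts to frames it only saw in promisc mode.
    {"src_mac": "02:00:00:00:00:99", "src_ip": "198.51.100.5", "dst_ip": "192.0.2.10",   "flags": "R"},
    # A legitimate RST: the server refusing a connection, sent from its own MAC.
    {"src_mac": "02:00:00:00:00:0a", "src_ip": "192.0.2.10",   "dst_ip": "198.51.100.5", "flags": "S"},
    {"src_mac": "02:00:00:00:00:05", "src_ip": "198.51.100.5", "dst_ip": "192.0.2.10",   "flags": "RA"},
    # A second client hit by the same rogue MAC.
    {"src_mac": "02:00:00:00:00:0b", "src_ip": "192.0.2.11",   "dst_ip": "198.51.100.5", "flags": "S"},
    {"src_mac": "02:00:00:00:00:99", "src_ip": "198.51.100.5", "dst_ip": "192.0.2.11",   "flags": "R"},
]


def is_reset(flags):
    """True when the TCP flag string contains RST."""
    return "R" in flags


def find_rogue_resetters(frames):
    """Return {rogue_mac: [(claimed_src_ip, legitimate_mac, dst_ip), ...]}.

    A MAC is reported when it sends a TCP RST whose source IP was earlier seen
    coming from a different MAC in a non-RST frame.  The IP->MAC table is learned
    only from non-RST frames, so the injected resets cannot poison it.  A RST for
    an IP that has never been seen in normal traffic is left alone (no evidence).
    """
    owner = {}                 # src_ip -> first MAC seen sending non-RST traffic for it
    rogue = defaultdict(list)  # offending MAC -> list of resets it sent under someone else's IP
    for f in frames:
        if not is_reset(f["flags"]):
            owner.setdefault(f["src_ip"], f["src_mac"])
            continue
        legit = owner.get(f["src_ip"])
        if legit is not None and legit != f["src_mac"]:
            rogue[f["src_mac"]].append((f["src_ip"], legit, f["dst_ip"]))
    return dict(rogue)


def summarize(frames):
    """Count of suspect resets per offending MAC, for a quick alert line."""
    return {mac: len(events) for mac, events in find_rogue_resetters(frames).items()}


if __name__ == "__main__":
    for mac, events in find_rogue_resetters(SAMPLE_FRAMES).items():
        print(f"{mac}: {len(events)} RST(s) sent under IPs owned by other hosts")
        for ip, legit, dst in events:
            print(f"  claimed {ip} (really {legit}) -> {dst}")
```

The check only works where the Ethernet header is visible, i.e. from a mirror port or tap on the same segment as the offending box; once the frames have crossed a router every packet arrives with the router's MAC and the IP-to-MAC mismatch is gone. On the right segment, though, one MAC resetting flows for many different source IPs is exactly the pattern a misbehaving sniffer or host firewall produces, and it stands out within seconds.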