Hello,

On 11/11/06, Daniel Hartmeier <[EMAIL PROTECTED]> wrote:
These are caused by an off-by-one in pf's state tracking for one special case: when an RST is sent during the handshake (i.e. SYN, SYN+ACK, RST), pf compares the sequence number in the RST exactly, and is off by one, blocking the RST. This is recognizable by the strange "State failure on:" line with no digits (the digit(s) indicate the reason why the state match failed; in this specific case, and this case only, there is no digit printed). It was recently fixed in OpenBSD, IIRC post-4.0. The fix is easy to port.

But I have to wonder why this shows up repeatedly just now. Who are those clients aborting their handshake with RST, and why are they doing it? If the RST is properly passed, it's not like you end up with a working connection, it's aborted. And if they don't intend to complete the handshake, why start it? Some silly form of port scanning? WTF? :)

Daniel
The clients are users of FreeBSD, KDE and Mozilla Firefox. So I guess it is harmless? Am I the only one to have this issue? I did not find much about it. Think I should have started two threads, another one for the FTP/pftpx problem, silly me. Thank you both!

--
Kimi
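As an added example (not code from the thread, from pf or from FreeBSD), the following Python pairs pf's debug "BAD state:" / "State failure on:" lines, flags the no-digit variant Daniel describes as the RST-during-handshake off-by-one, and counts which peers produced it, which is the "who are those clients" question above. The exact log layout, the lan/gwy/ext host order and treating tcp_fsm state numbers below 4 (ESTABLISHED) as "still in handshake" are assumptions; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample of pf debug output (pfctl -x misc). The layout is an
# assumption modelled on pf's "BAD state:" / "State failure on:" lines; it is
# not text from the thread or from a real log.
SAMPLE_LOG = """\
pf: BAD state: TCP 203.0.113.10:80 203.0.113.10:80 198.51.100.7:51122 [lo=1 high=2 win=3 modulator=0 wscale=0] [lo=4 high=5 win=6 modulator=0 wscale=0] 2:3 R seq=1001 (1001) ack=0 len=0 ackskew=0 pkts=1:1 dir=in,fwd
pf: State failure on:         |
pf: BAD state: TCP 203.0.113.10:80 203.0.113.10:80 198.51.100.7:51130 [lo=1 high=2 win=3 modulator=0 wscale=0] [lo=4 high=5 win=6 modulator=0 wscale=0] 2:3 R seq=2001 (2001) ack=0 len=0 ackskew=0 pkts=1:1 dir=in,fwd
pf: State failure on:         |
pf: BAD state: TCP 203.0.113.10:80 203.0.113.10:80 198.51.100.9:40001 [lo=1 high=2 win=3 modulator=0 wscale=0] [lo=4 high=5 win=6 modulator=0 wscale=0] 4:4 A seq=5000 (5000) ack=77 len=0 ackskew=0 pkts=9:8 dir=in,fwd
pf: State failure on: 1       | 5
"""

# Hosts are assumed to be lan, gwy, ext; the state pair is src:dst in tcp_fsm
# numbering, where values below 4 (ESTABLISHED) mean the handshake is unfinished.
BAD_STATE = re.compile(
    r"pf: BAD state: TCP (\S+) (\S+) (\S+) .*? (\d+):(\d+) (\S+) seq=(\d+)")
FAILURE = re.compile(r"pf: State failure on:(.*)")
ESTABLISHED = 4


def classify(log_text):
    """Pair each 'State failure on:' line with the 'BAD state:' before it.

    'rst-handshake' = no reason digit and an RST arriving mid-handshake (the
    thread's off-by-one case); anything else is a normal 'window-check' fail.
    """
    events, pending = [], None
    for line in log_text.splitlines():
        m = BAD_STATE.search(line)
        if m:
            pending = {"peer": m.group(3), "flags": m.group(6),
                       "handshake": min(int(m.group(4)), int(m.group(5))) < ESTABLISHED}
            continue
        m = FAILURE.search(line)
        if m and pending is not None:
            pending["reasons"] = re.findall(r"\d", m.group(1))
            rst_case = (not pending["reasons"] and "R" in pending["flags"]
                        and pending["handshake"])
            pending["kind"] = "rst-handshake" if rst_case else "window-check"
            events.append(pending)
            pending = None
    return events


def rst_peers(log_text):
    """Count peer hosts whose aborted handshake tripped the RST off-by-one."""
    return Counter(e["peer"].rsplit(":", 1)[0]
                   for e in classify(log_text) if e["kind"] == "rst-handshake")
```

Feed it the output of `pfctl -x misc` collected from the console log and the counter tells you whether the RSTs come from a handful of known hosts or from many unrelated ones.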
