On 5/17/06, Dragos <[EMAIL PROTECTED]> wrote:
Hi Vlad ([EMAIL PROTECTED]),
================================================================================
This e-mail is a reply to the e-mail "[rofug] PF scrubbing not working?"
received Wednesday, May 17, 2006, 6:36:51 PM:
Vlad GALU> On 5/17/06, Dragos <[EMAIL PROTECTED]> wrote:
Vlad GALU> [...]
Vlad GALU> I see that it raises your TTL to 128 correctly. Look with pfctl -sr -v
Vlad GALU> to see how many matches you have on each scrub rule.
================================================================================
scrub on rl0 all min-ttl 128 max-mss 1400 fragment reassemble
[ Evaluations: 683742 Packets: 119337 Bytes: 0 States: 0 ]
scrub on rl1 all min-ttl 128 max-mss 1400 fragment reassemble
[ Evaluations: 564405 Packets: 45880 Bytes: 0 States: 0 ]
scrub on rl2 all min-ttl 128 max-mss 1400 fragment reassemble
[ Evaluations: 518525 Packets: 21941 Bytes: 0 States: 0 ]
scrub on rl0 all no-df fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl1 all no-df fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl2 all no-df fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl0 all fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl1 all fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl2 all fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl0 all random-id fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl1 all random-id fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl2 all random-id fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub out on rl2 all random-id fragment reassemble
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl0 all reassemble tcp fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl1 all reassemble tcp fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl2 all reassemble tcp fragment reassemble
[ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
Indeed, I don't know why I didn't think of checking it this way. It seems that pf
wants to have all the options on a single line, which looks rather odd.
pfctl -sr -v | grep -v pass|grep -v block
scrub on rl0 all no-df random-id min-ttl 128 max-mss 1400 reassemble tcp
fragment reassemble
[ Evaluations: 91373 Packets: 41319 Bytes: 0 States: 0 ]
scrub on rl1 all no-df random-id min-ttl 128 max-mss 1400 reassemble tcp
fragment reassemble
[ Evaluations: 50054 Packets: 19994 Bytes: 0 States: 0 ]
scrub on rl2 all no-df random-id min-ttl 128 max-mss 1400 reassemble tcp
fragment reassemble
[ Evaluations: 30060 Packets: 16840 Bytes: 0 States: 0 ]
It seems to be more OK now, although because of the large number of sessions it is
harder for me to follow the id.
Use a more specific filter in tcpdump - e.g. src host XXX
and dst host YYY.
Could that be the cause...
Thanks.
All the best,
Dragos
--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
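
The check discussed in this thread (reading the per-rule counters from `pfctl -sr -v` to find scrub rules that never match a packet), as an added example that is not part of the original e-mails. The function names `sample_rules` and `find_dead_scrub_rules` are hypothetical, and the sample counters are constructed in the format of the output quoted above.

```shell
#!/bin/sh
# Constructed sample in the format of the `pfctl -sr -v` output quoted in the thread.
sample_rules() {
cat <<'EOF'
scrub on rl0 all min-ttl 128 max-mss 1400 fragment reassemble
  [ Evaluations: 683742 Packets: 119337 Bytes: 0 States: 0 ]
scrub on rl0 all no-df fragment reassemble
  [ Evaluations: 496584 Packets: 0 Bytes: 0 States: 0 ]
scrub out on rl2 all random-id fragment reassemble
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
scrub on rl1 all no-df random-id min-ttl 128 max-mss 1400 reassemble tcp
fragment reassemble
  [ Evaluations: 50054 Packets: 19994 Bytes: 0 States: 0 ]
pass in on rl0 all
  [ Evaluations: 10 Packets: 0 Bytes: 0 States: 0 ]
EOF
}

# Read `pfctl -sr -v` output on stdin and print every scrub rule whose
# Packets counter is 0, prefixed with its Evaluations counter.
# Intended use on the firewall: pfctl -sr -v | find_dead_scrub_rules
find_dead_scrub_rules() {
    awk '
        # Start of a scrub rule: remember its text.
        /^scrub / { rule = $0; next }
        # Counter line that belongs to the remembered scrub rule.
        $1 == "[" && $2 == "Evaluations:" {
            if (rule != "") {
                ev = 0; pk = 0
                for (i = 1; i < NF; i++) {
                    if ($i == "Evaluations:") ev = $(i + 1) + 0
                    if ($i == "Packets:")     pk = $(i + 1) + 0
                }
                if (pk == 0) print "evals=" ev " " rule
            }
            rule = ""
            next
        }
        # A rule wrapped over two lines (as in the mail): join the parts.
        rule != "" { rule = rule " " $0 }
    '
}
```

Non-scrub rules (`pass`, `block`) are ignored, so the `grep -v pass | grep -v block` step from the mail is not needed before piping into the function.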