Re: serious flaw exposed via filters

Kai (kai@www.abest.com)
Mon, 16 Sep 1996 13:21:59 -0400

>
> it might be helpful to see the filter with any appropriate addresses and/or
> networks with a's, b's, c's, and x's in place of the numbers...
>
> otherwise how could we help?
>
> --->
> Robert H. Hanson LAN/WAN Consultant - Internet Service Provider
> Otis Orchards, Wa. Cutting Edge Communications www.cet.com
> (509) 927-9541 finger: info@cet.com or email: roberth@cet.com
>
>

Actually, this is a Livingston problem screaming for a Livingston code
fix, and this was more of an informational post than one asking for help.
The filter is living fine without any 'log' statement.

The problem is pretty universal. If you want to reproduce it: put an
ethernet ofilter on your ether0 port that denies packets with a
source address OTHER than the network your PPP-attached customers are
in, and make the final deny line contain the 'log' statement.
Now watch customers logging off, or even better, losing their carriers
in the middle of, say, an HTTP transaction. Instant flood in the log via
the deny statement. Voila.

bye, Kai