Darren Reed wrote:
> In some email I received from Jefferson Ogata, sie wrote:
> > Solaris x86 kernel Generic_108529-15, IP Filter 3.4.29 built with gcc 2.95.3
> > from Solaris Software Companion...
> > Whenever I run modinfo (as any user) on the Solaris host, some or all existing
> > TCP connections through the firewall are reset. Connections made to the
> > firewall itself are not reset, or at least some of them aren't. Unfortunately,
> > this is detrimental enough that I don't want to do a lot of testing on it. But
> > weirdly, the state and NAT entries for the old connections don't appear to be
> > exterminated. It's as if IPF decided to send TCP reset packets out.
> > I am using return-rst in some areas.

Hi Darren. Your response got stuck in a queue somewhere. It just came in today.

> Can you check to see if RST packets are being sent out all interfaces ?

I'm having a difficult time making that determination. Unfortunately, it's an
active firewall with a lot going on, and I can't fiddle with it too much.

> If the box is plugged into a switch with 10/100/FDX lights, do any of
> those change when you do "modinfo" ?

I'll try to find that out. Interesting question.

> If you do an "ipf -y" rather than "modinfo", does the same thing happen ?

Yes. "ipf -y" causes disruption also.

Thanks for devoting some thought to this.
--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
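The diagnostic Darren asks for above (are RST segments leaving every interface, and do they cluster right after "modinfo" or "ipf -y" is run?) can be answered offline from a packet capture rather than by poking at a busy firewall. The following is an added example, not code from the thread or from IP Filter; it parses a constructed, simplified capture text (timestamp, interface, source, destination, TCP flag letters) and counts RST-flagged segments per interface, optionally restricted to a time window around the moment the command was run. The line format and the interface names hme0/hme1 are assumptions for the sake of the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample capture (not from the original thread). Assumed format:
# "<HH:MM:SS.ffffff> <iface> <src>.<port> > <dst>.<port>: <flag letters>"
# The three RST segments at 10:15:02.5 stand in for a burst right after the command.
SAMPLE_CAPTURE = """\
10:15:01.000100 hme0 10.0.0.5.443 > 192.168.1.10.51234: P
10:15:01.000300 hme1 192.168.1.10.51234 > 10.0.0.5.443: .
10:15:02.500000 hme0 10.0.0.5.443 > 192.168.1.10.51234: R
10:15:02.500200 hme1 10.0.0.5.443 > 192.168.1.10.51234: R
10:15:02.500400 hme0 10.0.0.9.22 > 192.168.1.20.40000: R
10:15:09.000000 hme0 10.0.0.5.443 > 192.168.1.11.51235: S
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<flags>\S+)$"
)


def parse_capture(text):
    """Yield (timestamp, iface, src, dst, flags) for each parsable line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%H:%M:%S.%f")
        yield ts, m.group("iface"), m.group("src"), m.group("dst"), m.group("flags")


def rst_counts_by_interface(text, since=None, window=None):
    """Count RST-flagged segments per interface.

    If both `since` and `window` are given, only segments with
    since <= timestamp <= since + window are counted, which lets you
    compare the burst right after the command with the baseline before it.
    """
    counts = Counter()
    for ts, iface, _src, _dst, flags in parse_capture(text):
        if "R" not in flags:
            continue
        if since is not None and window is not None:
            if not (since <= ts <= since + window):
                continue
        counts[iface] += 1
    return dict(counts)


def reset_flows(text):
    """Return the set of (src, dst) pairs that received an RST.

    Comparing this set against the firewall's state/NAT table tells you
    whether the reset flows still have entries, as the thread reports.
    """
    return {(src, dst) for _ts, _if, src, dst, flags in parse_capture(text) if "R" in flags}


if __name__ == "__main__":
    # Command assumed to have been run at 10:15:02.0; look at the following second.
    ran_at = datetime.strptime("10:15:02.000000", "%H:%M:%S.%f")
    print("RSTs per interface (all):", rst_counts_by_interface(SAMPLE_CAPTURE))
    print("RSTs per interface (1s after command):",
          rst_counts_by_interface(SAMPLE_CAPTURE, ran_at, timedelta(seconds=1)))
    print("Flows reset:", sorted(reset_flows(SAMPLE_CAPTURE)))
```

In practice you would feed this a capture taken simultaneously on each interface, note the wall-clock time at which the command was run, and look for RST counts on more than one interface inside the window; RSTs appearing on an interface that the reset flow never traversed would support the "sent out all interfaces" hypothesis.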