hes in the redirection
of DNS, and it is possible.
Kind regards,
Fredrik Widlund
-Original Message-
From: Jason Dixon [mailto:[EMAIL PROTECTED]
Sent: den 10 september 2008 14:19
To: Fredrik Widlund
Cc: Fubar; PF List
Subject: Re: Reality check
On Sep 10, 2008, at 7:51 AM, Fredrik Widlu
Though some ISPs override DNS TTL, and the Microsoft IE browser itself also
does this. If it is business critical then a PF router can indeed easily do
this to catch the few cases where the old server is still being used.
Kind regards,
Fredrik Widlund
-Original Message-
From: [EMAIL
or us, NAT is not a possible solution (please don't ask why). Is there a way
to address this issue that I've missed, or are there any plans of solving this?
We're using OpenBSD 4.x and PF.
Kind regards,
Fredrik Widlund
-Original Message-
From: [EMAIL PROTECTED] [mailto:
new state, and break
window scaling. This to me, still after re-reading documentation, seems
like an error in either the documentation or the implementation.
Kind regards,
Fredrik Widlund
Mark Voelker wrote:
>Daniel,
>
>Thanks for a very lucid explanation! I had wondered if it might
>be mor
reate states on SFR or something else
bizarre? Why even allow it to pass?
Also a huge thank you for the brilliant contribution to the security
community!
Kind regards,
Fredrik Widlund
Daniel Hartmeier wrote:
> On Thu, Mar 30, 2006 at 02:29:19PM +0200, Fredrik Widlund wrote:
>
>
o $internet -> $gateway
pass in on vlan_x from vlan_x:network to $internet
Scrubbing on/off seems to make no difference.
Regards,
Fredrik Widlund
Fredrik Widlund wrote:
> Daniel Hartmeier wrote:
>
>> Please enable debug logging (pfctl -xm), and repeat the procedure,
>> captu
Daniel Hartmeier wrote:
> Please enable debug logging (pfctl -xm), and repeat the procedure,
> capturing one failing connection from handshake to the point of failure
> as you already did. Then check /var/log/messages for any lines from pf
> related to this connection ('BAD state' messages, likely)
y)
09:28:32.272829 C'.5042 > S.25: F 60:60(0) ack 1 win 16384
09:28:32.282835 S.25 > C'.5042: P 1:69(68) ack 1 win 46
(DF)
09:28:32.282946 C'.5042 > S.25: F 60:60(0) ack 69 win 16316
09:28:32.491476 S.25 > C'.5042: P 1:69(68) ack 1 win 46
(DF)
[... c->s pipe timeouts]
Regards,
Fredrik Widlund