RE: Reality check

2008-09-10 Thread Fredrik Widlund
hes in the redirection of DNS, and it is possible. Kind regards, Fredrik Widlund -Original Message- From: Jason Dixon [mailto:[EMAIL PROTECTED] Sent: den 10 september 2008 14:19 To: Fredrik Widlund Cc: Fubar; PF List Subject: Re: Reality check On Sep 10, 2008, at 7:51 AM, Fredrik Widlu

RE: Reality check

2008-09-10 Thread Fredrik Widlund
Though some ISPs override DNS TTL, and the Microsoft IE browser itself also does this. If it is business critical then a PF router can indeed easily do this to catch the few cases where the old server is still being used. Kind regards, Fredrik Widlund -Original Message- From: [EMAIL

RE: Routing VPNs through a second interface.

2008-08-21 Thread Fredrik Widlund
or us, NAT is not a possible solution (please don't ask why). Is there a way to address this issue that I've missed, or are there any plans of solving this? We're using OpenBSD 4.x and PF. Kind regards, Fredrik Widlund -Original Message- From: [EMAIL PROTECTED] [mailto:

Re: RFC1323 Window Scaling Issues

2006-07-02 Thread Fredrik Widlund
new state, and break window scaling. This to me, still after re-reading documentation, seems like an error in either the documentation or the implementation. Kind regards, Fredrik Widlund Mark Voelker wrote: >Daniel, > >Thanks for a very lucid explanation! I had wondered if it might >be mor

Re: TCP session desyncs

2006-03-31 Thread Fredrik Widlund
reate states on SFR or something else bizarre? Why even allow it to pass? Also a huge thank you for the brilliant contribution to the security community! Kind regards, Fredrik Widlund Daniel Hartmeier wrote: > On Thu, Mar 30, 2006 at 02:29:19PM +0200, Fredrik Widlund wrote: > >

Re: TCP session desyncs

2006-03-30 Thread Fredrik Widlund
o $internet -> $gateway pass in on vlan_x from vlan_x:network to $internet Scrubbing on/off seems to make no difference. Regards, Fredrik Widlund Fredrik Widlund wrote: > Daniel Hartmeier wrote: > >> Please enable debug logging (pfctl -xm), and repeat the procedure, >> captu

Re: TCP session desyncs

2006-03-30 Thread Fredrik Widlund
Daniel Hartmeier wrote:
> Please enable debug logging (pfctl -xm), and repeat the procedure,
> capturing one failing connection from handshake to the point of failure
> as you already did. Then check /var/log/messages for any lines from pf
> related to this connection ('BAD state' messages, likely)

TCP session desyncs

2006-03-30 Thread Fredrik Widlund
y)
09:28:32.272829 C'.5042 > S.25: F 60:60(0) ack 1 win 16384
09:28:32.282835 S.25 > C'.5042: P 1:69(68) ack 1 win 46 (DF)
09:28:32.282946 C'.5042 > S.25: F 60:60(0) ack 69 win 16316
09:28:32.491476 S.25 > C'.5042: P 1:69(68) ack 1 win 46 (DF)
[... c->s pipe timeouts]
Regards, Fredrik Widlund