search for: iplen

...Raw packets sent: 101 (4.428KB) | Rcvd: 101 (4.036KB) (e) Hping3 to sent TCP SYN packets # hping3 -n -V -c 3 -S -p 80 192.168.2.99 using eth1, addr: 192.168.2.100, MTU: 1500 HPING 192.168.2.99 (eth1 192.168.2.99): S set, 40 headers + 0 data bytes len=46 ip=192.168.2.99 ttl=64 DF id=0 tos=0 iplen=44 sport=80 flags=SA seq=0 win=5840 rtt=1.1 ms seq=1297713297 ack=947911264 sum=4de9 urp=0 len=46 ip=192.168.2.99 ttl=64 DF id=0 tos=0 iplen=44 sport=80 flags=SA seq=1 win=5840 rtt=0.8 ms seq=1302142566 ack=1170559117 sum=c1ef urp=0 len=46 ip=192.168.2.99 ttl=64 DF id=0 tos=0 iplen=44 sport=80 fl...

...52 -0700 (PDT), <freebsd-security-request@freebsd.org> wrote: Hello ! Today i see in snort logs : [**] [1:528:4] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] 06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566 TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen: 20 [Xref => http://rr.sans.org/firewall/egress.php] [**] [1:528:4] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] 06/07-09:44:39.075824 127.0.0.1:80 -> 10.6.249.83:1299 TCP TTL:128 T...

...via bfe0 <antispoof rules, icmp restricts, internal interface allow, allow incuming keep-state connections to services> //here are defined queues 09600 queue 1 udp from me to any dst-port 53,123 out via bfe0 keep-state 09800 queue 2 tcp from any 1024-65535 to any out via bfe0 iptos lowdelay iplen 32-68 established 10000 queue 2 tcp from any 1024-65535 to any out via bfe0 iptos lowdelay established 10200 queue 2 tcp from any 1024-65535 to any out via bfe0 iptos lowdelay setup keep-state 10400 queue 3 tcp from any 1024-65535 to any dst-port 22,194,5190,23 out via bfe0 iplen 32-68 established...

We're being ping-flooded by the Nachi worm, which probes subnets for systems to attack by sending 92-byte ping packets. Unfortunately, IPFW doesn't seem to have the ability to filter packets by length. Assuming that I stick with IPFW, what's the best way to stem the tide? --Brett Glass

Please see below Jon Flechsenhaar Boeing WNW Team Network Services (714)-762-1231 202-E7 -----Original Message----- From: Flechsenhaar, Jon J Sent: Wednesday, September 27, 2006 10:30 AM To: lartc@mailman.ds9a.nl Subject: FW: [LARTC] 2.6.14 - HTB/SFQ QoS broken? Please see below Jon Flechsenhaar Boeing WNW Team Network Services (714)-762-1231 202-E7 -----Original Message----- From:

1. HFSC have 4 curve such sc, rc, ls, ul and 1.1 In leaf class can specify rc for guarantee service (bandwidth and delay) and If want to sharing fairness exceess service, we must specify ls and ul curve too (ls curve with paramater m2 specify at lease sharing bandwidth in that class will receive and ul curve mean maximum bandwidth in that class will receive) so i''m doubt .. about if i