[CLUE-Tech] Here's an idea.

David Anselmi anselmi at americanisp.net
Mon Apr 21 15:59:58 MDT 2003


Keith Hellman wrote:
[...]
> - through ssh to my notebook, I run my own '/etc/rc.d/fw off' command.
>   This does complete DENIAL.
> - now in this case, my latency isn't quite so poor (;^).  DOH, I just
>   lobotomized my ssh connection
> - open my notebook, login at console, run my own '/etc/rc.d/fw open'
>   (no restrictions), and voilà, my ssh connection returns to the living.
> 
> A little embarrassing, but I've done this SO MANY times, I'm sure ssh
> connections persist while drop rules are changed.

You'd probably lose the connection if the rule is REJECT.

[...]
> 
> Either DROP rules or interface re-configuration of the TCP peer probably
> presents the same symptoms (to the local machine) as the local machine's
> network card being unplugged.
> 

Cool, so the TCP stack keeps state independent of the IP address and 
filter rules.  And it just ignores packets it gets (delivered by the 
ethernet layer) with the wrong IP.

Dave
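As an added illustration (not Keith's actual '/etc/rc.d/fw' script, which the thread never shows), here is a lockdown ruleset in the same spirit that lets the operator choose DROP or REJECT as the default action and, unlike Keith's "complete DENIAL", keeps already-established connections such as the admin's ssh session alive via conntrack. The function name, the rule layout and the `apply` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a "fw off" style lockdown.
# DROP discards packets silently: the peer's TCP stack keeps its connection
# state and simply retransmits, which is why a session can survive a DROP and
# come back once rules are opened. REJECT answers with a TCP RST / ICMP error,
# so the peer tears the connection down immediately.
fw_rules() {
    action=${1:-DROP}            # default action for everything not matched
    case "$action" in
        DROP|REJECT) ;;
        *) echo "fw_rules: action must be DROP or REJECT, got '$action'" >&2
           return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j $action
COMMIT
EOF
}

# Print the ruleset by default; only load it when explicitly asked
# (e.g. "./fw.sh apply REJECT"), which requires root and iptables-restore.
if [ "${1:-}" = apply ]; then
    fw_rules "${2:-DROP}" | iptables-restore
else
    fw_rules "${1:-DROP}"
fi
```

Because the ESTABLISHED,RELATED rule precedes the final DROP/REJECT, an existing ssh session keeps working whichever default action is chosen; only new connections see the difference between a silent timeout and an immediate reset.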