Frozen Fido : RU.UNIX.BSD : Re: Passive FTP

ru.unix.bsd

 
 - RU.UNIX.BSD ------------------------------------------------------------------
 From : Gleb Smirnoff                        2:5020/400     23 Aug 2005  23:14:33
 To : Victor Sudakov
 Subject : Re: Passive FTP
 --------------------------------------------------------------------------------

 Victor Sudakov <vas@mpeks.tomsk.su> wrote:

 >>>> есть pf, есть ipfw2 которые понимают, что такое statefull
 >> 
 >> VS> Понимание ipfw очень примитивно. Hазвать это stateful inspection
 >> VS> можно только издеваясь. Оно даже дырочку для простой TCP сессии
 >> VS> закрывает по таймауту, вместо отслеживания состояния соединения.
 >> 
 >> Ссылку на код будем давать? Я вот вижу обратное.

 VS> Какой код?

 Код на языке Це. В файле ip_fw2.c.

 VS> Что такое net.inet.ip.fw.dyn_ack_lifetime сотоварищи?

              These variables control the lifetime, in seconds, of dynamic
              rules.  Upon the initial SYN exchange the lifetime is kept short,
              then increased after both SYN have been seen, then decreased
              again during the final FIN exchange or when a RST is received.
              Both dyn_fin_lifetime and dyn_rst_lifetime must be strictly lower
              than 5 seconds, the period of repetition of keepalives.  The
              firewall enforces that.

 VS> Или мои сведения устарели и динамические правила нынче протухают не по
 VS> таймауту?

   По таймауту. Грубо говоря, ваше утверждение выше верно. Hо дело в том,
 что таймаут меняется в зависимости от текущего состояния TCP сессии.
 Поэтому, если выражаться точно, то утверждение выше не верно.

 Предвосхищая дальнейшую дискуссию, буду утверждать, что если stateful
 firewall будет удалять state мгновенно по получении RST или FIN пакета,
 то он будет сильно не прав. Почему так - предлагаю додумать самому.

 VS> L4 и есть TCP. Впрочем, хоть горшком назови, а нужен МСЭ со знанием
 VS> протоколов прикладного уровня.

 Мне не нужен. Я допускаю, что кому-то нужен.

 -- 
 Totus tuus, Glebius.
 GLEBIUS-RIPN GLEB-RIPE
 --- ifmail v.2.15dev5.3
  * Origin: Demos online service (2:5020/400)

Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор

Тема:	Автор:	Дата:
Re: Passive FTP	Ivan Poplavsky	16 Aug 2005 22:44:21
Re: Passive FTP	Alexey G Misyuremko	23 Aug 2005 11:28:43
Re: Passive FTP	Victor Sudakov	23 Aug 2005 11:52:04
Re: Passive FTP	Alexey G Misyuremko	23 Aug 2005 12:16:45
Re: Passive FTP	Victor Sudakov	23 Aug 2005 13:56:51
Passive FTP	Slawa Olhovchenkov	23 Aug 2005 14:11:28
Re: Passive FTP	Victor Sudakov	23 Aug 2005 15:36:43
Passive FTP	Alex Semenyaka	23 Aug 2005 19:40:46
Re: Passive FTP	Victor Sudakov	24 Aug 2005 06:52:05
Passive FTP	Alex Semenyaka	24 Aug 2005 12:06:04
Passive FTP	Slawa Olhovchenkov	24 Aug 2005 07:42:42
Passive FTP	Vladimir Kurtukov	24 Aug 2005 11:46:37
Passive FTP	Alex Semenyaka	24 Aug 2005 12:19:28
Passive FTP	Slawa Olhovchenkov	25 Aug 2005 09:50:48
Passive FTP	Alex Semenyaka	25 Aug 2005 13:01:16
Passive FTP	Slawa Olhovchenkov	25 Aug 2005 16:10:20
Passive FTP	Alex Semenyaka	25 Aug 2005 17:28:16
Passive FTP	Slawa Olhovchenkov	25 Aug 2005 22:30:26
Passive FTP	Slawa Olhovchenkov	24 Aug 2005 07:13:28
Re: Passive FTP	Victor Sudakov	24 Aug 2005 09:22:10
Re: Passive FTP	Spartak Radchenko	23 Aug 2005 14:39:51
Re: Passive FTP	Gleb Smirnoff	23 Aug 2005 16:40:52
Re: Passive FTP	Victor Sudakov	23 Aug 2005 21:16:57
Re: Passive FTP	Gleb Smirnoff	23 Aug 2005 23:04:53
Re: Passive FTP	Victor Sudakov	24 Aug 2005 06:42:02
Re: Passive FTP	Gleb Smirnoff	24 Aug 2005 11:50:30
Passive FTP	Alex Semenyaka	24 Aug 2005 12:22:56
Re: Passive FTP	Alexey G Misyuremko	24 Aug 2005 14:15:54
Re: Passive FTP	Victor Sudakov	24 Aug 2005 14:32:09
Re: Passive FTP	Alexey G Misyuremko	24 Aug 2005 14:48:31
Passive FTP	Alex Semenyaka	24 Aug 2005 17:10:16
Passive FTP	Slawa Olhovchenkov	24 Aug 2005 07:45:42
Re: Passive FTP	Gleb Smirnoff	23 Aug 2005 16:39:18
Re: Passive FTP	Alexey G Misyuremko	23 Aug 2005 17:02:32
Re: Passive FTP	Victor Sudakov	23 Aug 2005 21:16:58
Re: Passive FTP	Gleb Smirnoff	23 Aug 2005 23:14:33
Re: Passive FTP	Victor Sudakov	24 Aug 2005 07:07:14
Re: Passive FTP	Gleb Smirnoff	24 Aug 2005 11:56:36
Re: Passive FTP	Victor Sudakov	24 Aug 2005 13:06:53
Re: Passive FTP	Gleb Smirnoff	24 Aug 2005 13:57:57
Re: Passive FTP	Alexey G Misyuremko	24 Aug 2005 14:18:28
Passive FTP	Alex Semenyaka	24 Aug 2005 13:07:46
Re: Passive FTP	Gleb Smirnoff	24 Aug 2005 15:04:10
Passive FTP	Alex Semenyaka	24 Aug 2005 17:00:16
Re: Passive FTP	Gleb Smirnoff	25 Aug 2005 12:10:00
Passive FTP	Alex Semenyaka	24 Aug 2005 13:03:28
Re: Passive FTP	Gleb Smirnoff	24 Aug 2005 15:00:08
Passive FTP	Alex Semenyaka	24 Aug 2005 16:46:14
Re: Passive FTP	Gleb Smirnoff	25 Aug 2005 12:05:49
Passive FTP	Alex Semenyaka	25 Aug 2005 13:06:06
Re: Passive FTP	Gleb Smirnoff	25 Aug 2005 17:05:45
Passive FTP	Alex Semenyaka	25 Aug 2005 17:57:42
Re: Passive FTP	Eugene Grosbein	25 Aug 2005 23:04:05
Passive FTP	Alex Semenyaka	25 Aug 2005 21:52:48
Re: Passive FTP	Eugene Grosbein	26 Aug 2005 09:16:42
Passive FTP	Alex Semenyaka	26 Aug 2005 12:14:08
Re: Passive FTP	Eugene Grosbein	26 Aug 2005 18:17:57
Passive FTP	Alex Semenyaka	26 Aug 2005 17:27:06
Re: Passive FTP	Eugene Grosbein	26 Aug 2005 22:21:02
Passive FTP	Alex Semenyaka	26 Aug 2005 20:21:04
Re: Passive FTP	Eugene Grosbein	27 Aug 2005 02:13:20
Passive FTP	Alex Semenyaka	27 Aug 2005 13:54:36
Re: Passive FTP	Eugene Grosbein	28 Aug 2005 17:29:28
Passive FTP	Alex Semenyaka	28 Aug 2005 17:01:16
Re: Passive FTP	Eugene Grosbein	28 Aug 2005 23:31:31
Passive FTP	Alex Semenyaka	29 Aug 2005 13:16:40
Re: Passive FTP	Eugene Grosbein	29 Aug 2005 22:53:05
Passive FTP	Alex Semenyaka	30 Aug 2005 13:05:48
Re: Passive FTP	Sergey Skvortsov	26 Aug 2005 16:27:19
Passive FTP	Alex Semenyaka	26 Aug 2005 17:58:10
Re: Passive FTP	Sergey Skvortsov	26 Aug 2005 23:39:28
Passive FTP	Alex Semenyaka	27 Aug 2005 14:15:52
Passive FTP	Slawa Olhovchenkov	27 Aug 2005 19:31:30
Re: Passive FTP	Kirill Ponomarew	27 Aug 2005 22:30:31
Re: Passive FTP	Sergey Skvortsov	30 Aug 2005 13:59:05
Passive FTP	Alex Semenyaka	30 Aug 2005 16:05:26
Re: Passive FTP	Sergey Skvortsov	30 Aug 2005 18:15:14
Passive FTP	Alex Semenyaka	30 Aug 2005 21:22:00
Re: Passive FTP	Paul Argentoff	30 Aug 2005 18:38:52
Passive FTP	Alex Semenyaka	30 Aug 2005 21:25:06
Re: Passive FTP	Gleb Smirnoff	26 Aug 2005 16:36:23
Passive FTP	Alex Semenyaka	26 Aug 2005 18:22:00
Re: Passive FTP	Eugene Grosbein	27 Aug 2005 02:15:57
Passive FTP	Alex Semenyaka	27 Aug 2005 14:09:36
Re: Passive FTP	Eugene Grosbein	28 Aug 2005 17:32:02
Passive FTP	Alex Semenyaka	28 Aug 2005 17:04:20
Re: Passive FTP	Valentin Davydov	28 Aug 2005 19:50:28
Re: Passive FTP	Kirill Ponomarew	28 Aug 2005 20:40:25
Passive FTP	Slawa Olhovchenkov	30 Aug 2005 16:00:50
Re: Passive FTP	Valentin Nechayev	30 Aug 2005 16:20:19
Passive FTP	Slawa Olhovchenkov	30 Aug 2005 16:30:24
Re: Passive FTP	Gleb Smirnoff	30 Aug 2005 17:56:48
Passive FTP	Alex Semenyaka	28 Aug 2005 19:20:52
Re: Passive FTP	Paul Argentoff	30 Aug 2005 15:35:32
Re: Passive FTP	Eugene Grosbein	30 Aug 2005 19:10:13
Re: Passive FTP	Paul Argentoff	30 Aug 2005 16:36:40
Re: Passive FTP	Eugene Grosbein	30 Aug 2005 20:22:30
Re: Passive FTP	Paul Argentoff	30 Aug 2005 18:26:19
Re: Passive FTP	Eugene Grosbein	30 Aug 2005 22:38:04
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:06:30
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:10:49
Passive FTP	Max Khon	31 Aug 2005 14:34:38
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 16:32:13
Re: Passive FTP	Gleb Smirnoff	31 Aug 2005 12:58:43
Passive FTP	Slawa Olhovchenkov	31 Aug 2005 13:08:42
Re: Passive FTP	Gleb Smirnoff	31 Aug 2005 13:32:41
Re: Passive FTP	Andrew Filonov	31 Aug 2005 18:39:40
Re: Passive FTP	Paul Argentoff	30 Aug 2005 18:27:49
Re: Passive FTP	Eugene Grosbein	30 Aug 2005 22:53:56
Passive FTP	Alex Semenyaka	30 Aug 2005 21:53:54
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 11:35:07
Passive FTP	Alex Semenyaka	30 Aug 2005 22:00:42
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:26:46
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:21:18
Passive FTP	Alex Semenyaka	30 Aug 2005 21:34:56
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 08:54:08
Passive FTP	Alex Semenyaka	31 Aug 2005 22:31:26
Passive FTP	Alex Semenyaka	31 Aug 2005 22:41:18
Passive FTP	Alex Semenyaka	01 Sep 2005 01:29:58
Passive FTP	Alex Semenyaka	30 Aug 2005 21:31:10
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 08:53:41
Passive FTP	Max Khon	31 Aug 2005 14:31:48
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 16:28:14
Passive FTP	Alex Semenyaka	31 Aug 2005 22:26:06
Re: Passive FTP	Moderator of RU.UNIX.BSD	31 Aug 2005 23:54:16
Re: Passive FTP	Eugene Grosbein	01 Sep 2005 09:28:29
Passive FTP	Alex Semenyaka	01 Sep 2005 10:26:30
Re: Passive FTP	Eugene Grosbein	01 Sep 2005 16:50:38
Passive FTP	Max Khon	01 Sep 2005 15:49:14
Re: Passive FTP	Eugene Grosbein	01 Sep 2005 19:04:17
Passive FTP	Alex Semenyaka	31 Aug 2005 22:41:22
Passive FTP	Alex Semenyaka	01 Sep 2005 01:29:56
Re: Passive FTP	Gleb Smirnoff	30 Aug 2005 17:54:17
Passive FTP	Alex Semenyaka	30 Aug 2005 21:37:12
Re: Passive FTP	Gleb Smirnoff	31 Aug 2005 13:16:39
Passive FTP	Alex Semenyaka	31 Aug 2005 23:28:58
Re: Passive FTP	Gleb Smirnoff	01 Sep 2005 04:22:42
Re: Passive FTP	Valentin Nechayev	01 Sep 2005 10:54:18
Passive FTP	Slawa Olhovchenkov	01 Sep 2005 11:15:00
Re: Passive FTP	Gleb Smirnoff	01 Sep 2005 11:39:34
Passive FTP	Alex Semenyaka	01 Sep 2005 12:14:42
Passive FTP	Max Khon	01 Sep 2005 16:18:40
Passive FTP	Alex Semenyaka	01 Sep 2005 10:10:12
Re: Passive FTP	Gleb Smirnoff	01 Sep 2005 13:28:41
Passive FTP	Slawa Olhovchenkov	01 Sep 2005 08:39:14
Passive FTP	Alex Semenyaka	01 Sep 2005 10:45:02
Passive FTP	Slawa Olhovchenkov	01 Sep 2005 13:09:44
Passive FTP	Alex Semenyaka	30 Aug 2005 16:18:10
Re: Passive FTP	Paul Argentoff	30 Aug 2005 18:42:52
Passive FTP	Alex Semenyaka	30 Aug 2005 21:25:38
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:35:31
Passive FTP	Alex Semenyaka	31 Aug 2005 23:15:58
Re: Passive FTP	Paul Argentoff	01 Sep 2005 12:29:05
Passive FTP	Alex Semenyaka	01 Sep 2005 12:56:00
Re: Passive FTP	Paul Argentoff	01 Sep 2005 12:35:58
Passive FTP	Alex Semenyaka	01 Sep 2005 15:02:10
Passive FTP	Ilya Kulagin	31 Aug 2005 12:31:30
Passive FTP	Max Khon	29 Aug 2005 17:43:34
Re: Passive FTP	Eugene Grosbein	28 Aug 2005 23:30:07
Passive FTP	Alex Semenyaka	29 Aug 2005 13:16:12
Re: Passive FTP	Eugene Grosbein	29 Aug 2005 22:50:59
Passive FTP	Alex Semenyaka	30 Aug 2005 13:26:18
Re: Passive FTP	Eugene Grosbein	30 Aug 2005 19:02:03
Passive FTP	Alex Semenyaka	30 Aug 2005 20:51:36
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 13:03:47
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:54:20
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 14:49:49
Re: Passive FTP	Paul Argentoff	31 Aug 2005 13:06:27
Passive FTP	Alex Semenyaka	31 Aug 2005 23:47:30
Passive FTP	Alex Semenyaka	31 Aug 2005 23:08:28
Re: Passive FTP	Eugene Grosbein	01 Sep 2005 09:55:29
Passive FTP	Alex Semenyaka	01 Sep 2005 10:33:24
Re: Passive FTP	Paul Argentoff	01 Sep 2005 12:11:49
Passive FTP	Alex Semenyaka	01 Sep 2005 15:05:24
Re: Passive FTP	Andrew Filonov	24 Aug 2005 12:36:29
Re: Passive FTP	Victor Sudakov	24 Aug 2005 13:06:53
Passive FTP	Alex Semenyaka	23 Aug 2005 19:45:26
Re: Passive FTP	Gleb Smirnoff	23 Aug 2005 23:19:39
Passive FTP	Alex Semenyaka	23 Aug 2005 22:49:56
Re: Passive FTP	Paul Argentoff	29 Aug 2005 13:44:50
Re: Passive FTP	Valentin Nechayev	29 Aug 2005 14:43:43
Passive FTP	Alex Semenyaka	29 Aug 2005 15:16:40
Re: Passive FTP	Valentin Nechayev	30 Aug 2005 01:51:48
Passive FTP	Alex Semenyaka	30 Aug 2005 13:37:34
Re: Passive FTP	Valentin Nechayev	30 Aug 2005 16:10:09
Passive FTP	Alex Semenyaka	30 Aug 2005 20:59:00
Re: Passive FTP	Valentin Nechayev	30 Aug 2005 16:19:18
Passive FTP	Alex Semenyaka	30 Aug 2005 21:07:42
Passive FTP	Alex Semenyaka	29 Aug 2005 15:09:00
Re: Passive FTP	Valentin Nechayev	29 Aug 2005 14:29:29
Passive FTP	Alex Semenyaka	29 Aug 2005 15:06:54

Архивное /ru.unix.bsd/65776bb73b3b.html, оценка 1 из 5, голосов 10