nanog mailing list archives

Re: impossible circuit


From: "Jay R. Ashworth" <jra () baylink com>
Date: Mon, 11 Aug 2008 16:22:28 -0400

On Mon, Aug 11, 2008 at 03:17:18PM -0500, Justin Shore wrote:
> The OS X update I applied was the one that installed a host-based 
> firewall.  The update automatically turned on the FW and permitted all 
> local servers that were configured to run, in my case SSH, with 
> everything else being denied.  The FW on the OS X box normally wouldn't 
> see packets not destined for it until you put a nic in promisc mode such 
> as what happens when you run EtherPeek.  The OS X box's FW was getting 
> hits from traffic denied by its ACL and was sending TCP RSTs faster 
> than hosts on the 'Net could respond.  It did this for everything except 
> SSH which it permitted (but higher up the IP stack it ignored because 
> the IP packet was addressed to the local box).
> 
> This isn't in any way related to the problem at hand but it does 
> demonstrate that weird things happen when devices in unusual places 
> flood out all ports.

And this explains why in Bellovin's Wily Hacker book, there's an
anecdote about a sniffer machine on which they had to *physically cut
the transmit wire* because they could *not* get the machine to not...
do something.  ARP queries?

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

             Those who cast the vote decide nothing.
             Those who count the vote decide everything.
               -- (Josef Stalin)
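The failure mode quoted above (a host firewall on a promiscuous-mode sniffer answering other hosts' traffic with TCP RSTs) leaves a recognisable fingerprint on the wire: one Ethernet source MAC emits RSTs whose IP source address belongs to other machines. The following detector is an added example, not code from this thread or from any of the posters; it works on a constructed list of frame summaries (the `Packet` records, MACs and addresses are all invented sample data) and flags any MAC that sends RSTs claiming an IP it never used in ordinary, non-RST traffic.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal summary of one captured TCP frame (constructed format, not pcap)."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    sport: int
    dport: int
    flags: str  # TCP flag letters, e.g. "S", "SA", "A", "R", "RA"


def learn_mac_ip(packets):
    """Map each source MAC to the IP addresses it uses in non-RST traffic.

    Assumption: a host's ordinary traffic (SYN, SYN/ACK, ACK, data) carries its
    own IP, so this table approximates the legitimate MAC-to-IP binding.
    """
    table = defaultdict(set)
    for p in packets:
        if "R" not in p.flags:
            table[p.src_mac].add(p.src_ip)
    return table


def find_rst_spoofers(packets):
    """Return {src_mac: sorted list of IPs it sent RSTs 'as' but never owned}.

    A firewall on a promiscuous host that resets other people's flows replies
    with the victim's IP as the source address, but the frame still leaves
    with the sniffer's own MAC.  Any MAC whose RSTs claim IPs outside its
    learned set is reported.
    """
    owned = learn_mac_ip(packets)
    rst_claims = defaultdict(set)
    for p in packets:
        if "R" in p.flags:
            rst_claims[p.src_mac].add(p.src_ip)

    findings = {}
    for mac, claimed in rst_claims.items():
        foreign = claimed - owned.get(mac, set())
        if foreign:
            findings[mac] = sorted(foreign)
    return findings


# Constructed sample capture.  02:..:01 is the LAN gateway carrying client
# traffic, 02:..:05 is a legitimate web server, 02:..:99 is the sniffer
# whose host firewall is answering traffic that was never addressed to it.
GW, WEB, SNIFFER = "02:00:00:00:00:01", "02:00:00:00:00:05", "02:00:00:00:00:99"

SAMPLE = [
    # Normal client-to-web-server handshake.
    Packet(GW, WEB, "192.0.2.10", "10.0.0.5", 40001, 80, "S"),
    Packet(WEB, GW, "10.0.0.5", "192.0.2.10", 80, 40001, "SA"),
    # Web server legitimately resetting a probe to a closed port: its own IP.
    Packet(WEB, GW, "10.0.0.5", "192.0.2.11", 8080, 40002, "RA"),
    # The sniffer's own permitted SSH service answering with its own IP.
    Packet(GW, SNIFFER, "192.0.2.20", "10.0.0.99", 40003, 22, "S"),
    Packet(SNIFFER, GW, "10.0.0.99", "192.0.2.20", 22, 40003, "SA"),
    # The sniffer's firewall resetting flows meant for other hosts.
    Packet(SNIFFER, GW, "10.0.0.5", "192.0.2.10", 80, 40001, "RA"),
    Packet(SNIFFER, GW, "10.0.0.6", "192.0.2.12", 443, 40004, "RA"),
    Packet(SNIFFER, GW, "10.0.0.7", "192.0.2.13", 25, 40005, "RA"),
]


if __name__ == "__main__":
    for mac, ips in find_rst_spoofers(SAMPLE).items():
        print(f"{mac} sent RSTs claiming to be {', '.join(ips)}")
```

On the sample the web server's own reset is not reported, because the IP it claims matches what it used in its SYN/ACK, while the sniffer's MAC is reported for three addresses it never owned. Against a real capture the same logic runs over per-frame summaries from a pcap reader; the learned binding is only a heuristic, so treat a hit as a pointer to the offending port, not as proof on its own.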

