impossible circuit

Jay R. Ashworth jra at
Mon Aug 11 15:22:28 CDT 2008

On Mon, Aug 11, 2008 at 03:17:18PM -0500, Justin Shore wrote:
> The OS X update I applied was the one that installed a host-based 
> firewall.  The update automatically turned on the FW and permitted all 
> local servers that were configured to run, in my case SSH, with 
> everything else being denied.  The FW on the OS X box normally wouldn't 
> see packets not destined for it until you put a nic in promisc mode such 
> as what happens when you run EtherPeek.  The OS X box's FW was getting 
> hits from traffic denied by it's ACL and was sending TCP RSTs faster 
> than hosts on the 'Net could respond.  It did this for everything except 
> SSH which it permitted (but higher up the IP stack it ignored because 
> the IP packet was address to the local box).
> This isn't in any way related to the problem at hand but it does 
> demonstrate that weird things happen when devices in unusual places 
> flood out all ports.

And this explains why in Bellovin's Wily Hacker book, there's an
anecdote about a sniffer machine on which they had to *physically cut
the transmit wire* because they could *not* get the machine to not...
do something.  ARP queries?

-- jra
Jay R. Ashworth                   Baylink                      jra at
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates                     '87 e24
St Petersburg FL USA             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Josef Stalin)

More information about the NANOG mailing list