Firewall Wizards mailing list archives
RE: fragmented packet from res6.geocities.com?
From: Karl Greenwood <Karl () pt-services co uk>
Date: Wed, 10 May 2000 12:46:32 +0100
Does the following connection attempt sound familiar to anyone: Apr 20 14:47:57 fw /kernel: ipfw: 9100 Deny TCP 209.1.224.16 12.38.161.54 in via fxp0 Fragment = 147 Apr 20 14:48:21 fw last message repeated 9 times Apr 20 14:50:26 fw last message repeated 33 times Apr 20 14:55:40 fw last message repeated 11 times
solved at last: Date: Tue, 09 May 2000 08:21:49 -0700 From: Deborah Barba <dbarba () yahoo-inc com> X-Mailer: Mozilla 4.61 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: karl () pt-services co uk, dbarba <dbarba () yahoo-inc com> Subject: Yahoo! bug Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit It appears that you have gotten the subject right in the email. This is a known bug that we are working on at the Yahoo GeoCities property. We have a piece of software that, when someone visits a GeoCities.com page, sends out a fragmented IP to verify that the originator of the request is valid. We are working with the vendor to remove that check, but it appears that there have been some parts of the code that were not cleared out. The IP that the packets are coming from, res6, is a virtual ip, and does not have a real interface on any machine. I will go back to the vendor with your complaint. Lets hope the can find that errant code. Thank you, and if you have any questions, don't hesitate to ask.
Current thread:
- RE: fragmented packet from res6.geocities.com? Karl Greenwood (May 12)
- 19932 port Ilya (May 15)
- Re: 19932 port Talisker (May 17)
- 19932 port Ilya (May 15)