by redmail.netbsd.org with SMTP; 20 Sep 1999 09:39:44 -0000
	by antioche.lip6.fr (8.9.3/8.9.3) with ESMTP id LAA14382;
	Mon, 20 Sep 1999 11:39:43 +0200 (MEST)
Date: Mon, 20 Sep 1999 11:39:42 +0200
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
To: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
Cc: tech-security@netbsd.org
Subject: Re: Odd ipf behaviour?
Message-ID: <19990920113942.A4576@antioche.lip6.fr>
References: <19990919221430.L485@acheron.middleboro.ma.us>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <19990919221430.L485@acheron.middleboro.ma.us>; from Mason Loring Bliss on Sun, Sep 19, 1999 at 10:14:30PM -0400

On Sun, Sep 19, 1999 at 10:14:30PM -0400, Mason Loring Bliss wrote:
> Hi. I've been looking at some strange stuff in my ipmon logs lately, and I'd
> dearly love it if someone would give me a clue about what's happening here.
> The following isn't a complete log, but it's representative of what I'm seeing.
> 
> ep0 is my outside interface. I'm using the 10.x.x.x network internally.
> Since these packets were destined to something in the ten net, don't they
> have to be source routed? Dropping packets with options is my first rule,
> but this stuff didn't get processed until way further down, PAST the ipopts
> rule. Can someone make sense of this?

Isn't 209.67.38.62 on the same subnet as your ep0 interface ?
If so they don't have to be source routed.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--