[rsbac] restricting network access

Amon Ott ao at rsbac.org
Thu Dec 18 09:18:51 CET 2003

On Donnerstag, 18. Dezember 2003 08:32, Andreas Baetz wrote:
> On Wednesday 17 December 2003 14:33, Amon Ott wrote:
> I used soft mode to get the connection and logged it with a sniffer.
> It seems that there is a SEND to the DNS Server, Port 53 (according to the 
> which gets logged as SEND to the DNS Server, remote Port 13568 (according to 
> Then there is a reply by the DNS Server from Port 53  (according to the 
> which gets logged as RECEIVE from the DNS Server, remote Port 13568 
(according to RSBAC).
> Local Ports are the same in both logs.
> The remote Port which is logged by RSBAC doesn't change over several tries, 
always 13568. 
> I have a firewall in place which would prevent and log UDP's to high ports 
such as 13568. 
> There is no firewall log, even in softmode, so I suppose the packets really 
go to remote Port 53.

OK, we almost got it: The byte order is wrong: 13568 is 256*53.

Please apply the attached patch against rsbac/data_structures/
aci_data_structures.c and retry. It might result in the wrong byte order at 
other places, so please be careful.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde geschreddert...
Dateiname   : remote-temp.diff
Dateityp    : text/x-diff
Dateigr??e  : 556 bytes
Beschreibung: nicht verf?gbar
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20031218/e9783965/remote-temp.bin

More information about the rsbac mailing list