em0 hijacking traffic to port 623

[Ian FREISLICH]

=?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= wrote:
> Ian FREISLICH <ianf at clue.co.za> writes:
> > No, it's a March 6 current.  How safe is it to just update the
> > sys/dev/em directory and recompile?  Quite a lot has changed in
> > CURRENT since then and I don't want to update everything on these
> > servers just yet.
> 
> Quick workaround: configure inetd to listen to port 623 so rpcbind
> won't assign these ports to the NFS server.  Something like this:
> 
> asf-rmcp dgram  udp     nowait  root    /bin/false              false
> asf-rmcp stream tcp     nowait  root    /bin/false              false

This won't help me.

These hosts are routers for several large datacenters.  They're
blackholing all traffic with a destination port of 623 and probably
664 in hardware.  I wouldn't mind so much if it just did it for
it's own IP.

Ian

--
Ian Freislich