Date: Tue, 29 May 2001 13:55:33 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Liran Dahan <lirandb@netvision.net.il> Cc: freebsd-security@freebsd.org Subject: Re: Syn+Fin (Setup) And TCP RST Message-ID: <20010529135533.B99627@xor.obsecurity.org> In-Reply-To: <010f01c0e888$5ab3c120$b88f39d5@a>; from lirandb@netvision.net.il on Tue, May 29, 2001 at 11:43:09PM %2B0200 References: <010f01c0e888$5ab3c120$b88f39d5@a>
next in thread | previous in thread | raw e-mail | index | archive | help
--bCsyhTFzCvuiizWE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, May 29, 2001 at 11:43:09PM +0200, Liran Dahan wrote:
> I've added those 2 options in my kernel long time ago:
> options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
> options TCP_RESTRICT_RST #restrict emission of TCP RST =
=20
> Is this could be the reason why even when i add in my firewall to
> send RST packets, it takes me 30 seconds till i get timeout of
> Connection refused when i telneting my box on randomly closed
> ports.. ?
Could be.
> And about TCP_DROP_SYNFIN .. is this could be one of the reasons
> 'setup' command 'aint working on my ipfw?
I'm less sure about this one.
> If my speculations are true... Why those kernel options are used for?
People who want that behaviour. See the comments in LINT about both
options.
Kris
--bCsyhTFzCvuiizWE
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7FAzEWry0BWjoQKURAoBgAJ94Qas3HXYnKX+aYm5Nk2kzQ+PrJQCg/Q2c
s7+0reIGt2tP6bKBRrVk8PA=
=UOp4
-----END PGP SIGNATURE-----
--bCsyhTFzCvuiizWE--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010529135533.B99627>