Date: Tue, 29 May 2001 15:56:07 -0500 From: "Thomas T. Veldhouse" <veldy@veldy.net> To: "Liran Dahan" <lirandb@netvision.net.il>, <freebsd-security@freebsd.org> Subject: Re: Syn+Fin (Setup) And TCP RST Message-ID: <007501c0e881$c86a78a0$0101a8c0@cascade> References: <010f01c0e888$5ab3c120$b88f39d5@a>
next in thread | previous in thread | raw e-mail | index | archive | help
NO. I have those options in my kernel and I have no such trouble connecting
via telnet.
Tom Veldhouse
veldy@veldy.net
PS HTML is a bit inappropriate for a public mailing list.
----- Original Message -----
From: Liran Dahan
To: freebsd-security@freebsd.org
Sent: Tuesday, May 29, 2001 4:43 PM
Subject: Syn+Fin (Setup) And TCP RST
I've added those 2 options in my kernel long time ago:
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
options TCP_RESTRICT_RST #restrict emission of TCP RST
Is this could be the reason why even when i add in my firewall to send RST
packets, it takes me 30 seconds till i get timeout of Connection refused
when i telneting my box on randomly closed ports.. ?
And about TCP_DROP_SYNFIN .. is this could be one of the reasons 'setup'
command 'aint working on my ipfw?
If my speculations are true... Why those kernel options are used for?
Thanks,
Liran Dahan (lirandb@netvision.net.il)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007501c0e881$c86a78a0$0101a8c0>