Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 30 May 2001 00:00:30 +0200
From:      "Liran Dahan" <lirandb@netvision.net.il>
To:        <freebsd-security@freebsd.org>
Subject:   Re: Syn+Fin (Setup) And TCP RST
Message-ID:  <00c501c0e88a$c6dd59e0$b88f39d5@a>
References:  <010f01c0e888$5ab3c120$b88f39d5@a> <007501c0e881$c86a78a0$0101a8c0@cascade>
next in thread | previous in thread | raw e-mail | index | archive | help 
I have no problem to connect via telnet either..
What i ment is that when im telnet for example:
to ip 192.115.25.1 (lets say its my freebsd with firewall and rule to reset
tcp requests) , it takes atleast 30 seconds till i get the message
connection refused..and i want it to take 1 sec.. That people even wont know
i have firewall installed...
and im pretty sure this RST option is doing some probs.

Thanks,

            Liran Dahan (lirandb@netvision.net.il)

----- Original Message -----
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: "Liran Dahan" <lirandb@netvision.net.il>; <freebsd-security@freebsd.org>
Sent: Tuesday, May 29, 2001 10:56 PM
Subject: Re: Syn+Fin (Setup) And TCP RST


> NO.  I have those options in my kernel and I have no such trouble
connecting
> via telnet.
>
> Tom Veldhouse
> veldy@veldy.net
>
> PS  HTML is a bit inappropriate for a public mailing list.
>
> ----- Original Message -----
> From: Liran Dahan
> To: freebsd-security@freebsd.org
> Sent: Tuesday, May 29, 2001 4:43 PM
> Subject: Syn+Fin (Setup) And TCP RST
>
>
> I've added those 2 options in my kernel long time ago:
> options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
> options         TCP_RESTRICT_RST        #restrict emission of TCP RST
>
>
> Is this could be the reason why even when i add in my firewall to send RST
> packets, it takes me 30 seconds till i get timeout of Connection refused
> when i telneting my box on randomly closed ports.. ?
>
> And about TCP_DROP_SYNFIN .. is this could be one of the reasons 'setup'
> command 'aint working on my ipfw?
>
> If my speculations are true... Why those kernel options are used for?
>
> Thanks,
>
>           Liran Dahan (lirandb@netvision.net.il)
>
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00c501c0e88a$c6dd59e0$b88f39d5>