Date: Wed, 30 May 2001 00:11:00 +0200
From: "Liran Dahan" <lirandb@netvision.net.il>
To: <freebsd-security@freebsd.org>
Subject: Re: Syn+Fin (Setup) And TCP RST
Message-ID: <012601c0e88c$3e6efb20$b88f39d5@a>
References: <010f01c0e888$5ab3c120$b88f39d5@a> <200105291052100670.246E525C@smtp>

Yes, you're right, I noticed it just now. I've changed the variable
net.inet.tcp.restrict_rst to 1 and saw it took me ages till I got
Connection timeout.. so what can be the problem.. why is my firewall not
sending TCP RST when I'm doing ipfw add reset tcp from any to any?

-Liran Dahan-
(lirandb@netvision.net.il)

----- Original Message -----
From: "Arthur W. Neilson III" <art@pilikia.net>
To: "Liran Dahan" <lirandb@netvision.net.il>
Sent: Tuesday, May 29, 2001 10:52 PM
Subject: Re: Syn+Fin (Setup) And TCP RST

> Adding these options to your kernel config merely compiles in
> the code to support these features. In order to actually turn them
> on you have to set the variables in rc.conf to "YES" or turn them
> on via sysctl(1) ...
>
> # For the following two options, you need to have
> # TCP_DROP_SYNFIN and TCP_RESTRICT_RST
> # set in your kernel. Please refer to LINT for details.
> tcp_drop_synfin="NO"    # Set to YES to drop TCP w/SYN+FIN
>                         # NOTE: this violates the TCP specification
> tcp_restrict_rst="NO"   # Set to YES to restrict emission of RST
>
> On 5/29/01 at 11:43 PM Liran Dahan wrote:
>
> >I've added those 2 options in my kernel a long time ago:
> >options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
> >options TCP_RESTRICT_RST #restrict emission of TCP RST
>
> --
>    __
>   /  )      _/_   It is a capital mistake to theorise before one has data.
>  /--/ __  /      Insensibly one begins to twist facts to suit theories,
> /  (_/ (_<__     Instead of theories to suit facts.
>                  -- Sherlock Holmes, "A Scandal in Bohemia"
> Arthur W. Neilson III, WH7N - FISTS #7448
> Bank of Hawaii Tech Support
> http://www.pilikia.net
> art@pilikia.net, aneilson@boh.com, wh7n@arrl.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message