Re: Syn+Fin (Setup) And TCP RST

From: Thomas T. Veldhouse (veldy@veldy.net)
Date: 05/29/01


From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: "Liran Dahan" <lirandb@netvision.net.il>, <freebsd-security@freebsd.org>
Date: Tue, 29 May 2001 15:56:07 -0500

NO. I have those options in my kernel and I have no such trouble connecting
via telnet.

Tom Veldhouse
veldy@veldy.net

PS HTML is a bit inappropriate for a public mailing list.

----- Original Message -----
From: Liran Dahan
To: freebsd-security@freebsd.org
Sent: Tuesday, May 29, 2001 4:43 PM
Subject: Syn+Fin (Setup) And TCP RST

I added those 2 options to my kernel a long time ago:
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
options TCP_RESTRICT_RST #restrict emission of TCP RST

Could this be the reason why, even when I add in my firewall to send RST
packets, it takes me 30 seconds till I get a timeout of Connection refused
when I'm telneting to my box on randomly closed ports?

And about TCP_DROP_SYNFIN: could this be one of the reasons the 'setup'
command ain't working on my ipfw?

If my speculations are true... what are those kernel options used for?

Thanks,

          Liran Dahan (lirandb@netvision.net.il)



