Re: packets with syn/fin vs pf_norm.c
From: Darren Reed (avalon_at_caligula.anu.edu.au)
Date: 07/06/05
- Previous message: Jesper Wallin: "Re: packets with syn/fin vs pf_norm.c"
- In reply to: Richard Coleman: "Re: packets with syn/fin vs pf_norm.c"
- Next in thread: fooler: "Re: packets with syn/fin vs pf_norm.c"
- Reply: fooler: "Re: packets with syn/fin vs pf_norm.c"
To: rcoleman@criticalmagic.com (Richard Coleman)
Date: Wed, 6 Jul 2005 13:56:38 +1000 (Australia/ACT)
In some mail from Richard Coleman, sie said:
> 1. I thought that T/TCP was being removed from FreeBSD (already happened?).
> 2. It's trivial to predict Theo's response to this.
> 3. Since T/TCP is rare, there is little motivation to alter scrub to
> function differently than OpenBSD with respect to these packets. If
> someone really needs this, there are plenty of alternatives.
I didn't know about (1) but I'd agree with (2) and (3).
> But more importantly, the original question has been lost. The original
> question was what should the various firewalls do when the kernel has
> been compiled with TCP_DROP_SYNFIN. Regardless of whether those packets
> are valid or not, a person may have reason to compile this feature into
> the kernel. So, should the firewalls act differently if this kernel
> option is used?
IMHO, No.
Darren
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"