Re: packets with syn/fin vs pf_norm.c
From: fooler (fooler_at_skyinet.net)
Date: 07/06/05
- Previous message: Dag-Erling Smørgrav: "Re: packets with syn/fin vs pf_norm.c"
- In reply to: Dag-Erling Smørgrav: "Re: packets with syn/fin vs pf_norm.c"
- Next in thread: Garrett Wollman: "Re: packets with syn/fin vs pf_norm.c"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Jesper Wallin" <jesper@hackunite.net>, Dag-Erling Smørgrav <des@des.no> Date: Wed, 6 Jul 2005 14:11:40 +0800
----- Original Message -----
From: "Dag-Erling Smørgrav" <des@des.no>
To: "Jesper Wallin" <jesper@hackunite.net>
Cc: <freebsd-security@freebsd.org>; "Darren Reed"
<avalon@caligula.anu.edu.au>
Sent: Wednesday, July 06, 2005 1:39 PM
Subject: Re: packets with syn/fin vs pf_norm.c
> The TCP_DROP_SYNFIN option should be removed; it has long outlived its
> original purpose (which was to prevent nmap identification of IRC
> servers which didn't run ipfw for performance reasons, back in the 3.0
> days)
i vote not to remove because it just an option there whether you want it or
not for added protection for OS fingerprinting...
standard tcp is the most rampant used than t/tcp and most (or all) tcp
modules are not combining syn + fin flag in a tcp datagram for normal tcp
transaction...
fooler.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Dag-Erling Smørgrav: "Re: packets with syn/fin vs pf_norm.c"
- In reply to: Dag-Erling Smørgrav: "Re: packets with syn/fin vs pf_norm.c"
- Next in thread: Garrett Wollman: "Re: packets with syn/fin vs pf_norm.c"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
