Re: weird scans from port 80

From: Fredderic (fredderic@iprimus.com.au)
Date: 01/29/03


From: "Fredderic" <fredderic@iprimus.com.au>
Date: Wed, 29 Jan 2003 23:26:51 +1000


> From RFC 793 page 36:
> As a general rule, reset (RST) must be sent whenever a segment
> arrives which apparently is not intended for the current connection.

In a perfect world, DROP would be unnecessary.
Unfortunately, this ain't a perfect world.

So stick your RFCs where they fit, and try to help the person with a
realistic answer. THEN you can point out why it's evil with my and
everyone else's heart-felt blessing.


