From owner-freebsd-questions  Tue Jan 16  3:57:22 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id DCA1237B69B; Tue, 16 Jan 2001 03:57:01 -0800 (PST)
Received: (from avalon@localhost)
	by caligula.anu.edu.au (8.9.3/8.9.3) id WAA15035;
	Tue, 16 Jan 2001 22:56:48 +1100 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <200101161156.WAA15035@caligula.anu.edu.au>
Subject: Re: TCP_DROP_SYNFIN
In-Reply-To: <004a01c07f90$29bcef80$0300a8c0@wilma> from Dennis Jun at "Jan 16, 1 02:44:31 am"
To: dennisjun@home.com (Dennis Jun)
Date: Tue, 16 Jan 2001 22:56:47 +1100 (EST)
Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL39 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In some mail from Dennis Jun, sie said:
> I have compiled this option in my kernel on 3 differents FreeBSD boxes
> (4.1.1-STABLE, 4.1-RELEASEs) and I have noticed that it doesn't work all
> the time. Specifically with this scan  nmap -v -O -sS .  Is it just me or
> does this not work for other people as well?

This is a bullshit change/patch (sorry for being blunt).  I think your aim
for this (defeat nmap scanning) is a load of horse manure.

Use ipfw/ipfilter to do this.

Darren


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message