From owner-freebsd-security  Tue May 29 13:56:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from veldy.net (w028.z064001117.msp-mn.dsl.cnc.net [64.1.117.28])
	by hub.freebsd.org (Postfix) with ESMTP id 6337A37B422
	for <freebsd-security@freebsd.org>; Tue, 29 May 2001 13:56:14 -0700 (PDT)
	(envelope-from veldy@veldy.net)
Received: from cascade (cascade.veldy.net [192.168.1.1])
	by veldy.net (Postfix) with SMTP
	id E1F0CBAAB; Tue, 29 May 2001 15:56:07 -0500 (CDT)
Message-ID: <007501c0e881$c86a78a0$0101a8c0@cascade>
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: "Liran Dahan" <lirandb@netvision.net.il>,
	<freebsd-security@freebsd.org>
References: <010f01c0e888$5ab3c120$b88f39d5@a>
Subject: Re: Syn+Fin (Setup) And TCP RST
Date: Tue, 29 May 2001 15:56:07 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="windows-1255"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

NO.  I have those options in my kernel and I have no such trouble connecting
via telnet.

Tom Veldhouse
veldy@veldy.net

PS  HTML is a bit inappropriate for a public mailing list.

----- Original Message -----
From: Liran Dahan
To: freebsd-security@freebsd.org
Sent: Tuesday, May 29, 2001 4:43 PM
Subject: Syn+Fin (Setup) And TCP RST


I've added those 2 options in my kernel long time ago:
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         TCP_RESTRICT_RST        #restrict emission of TCP RST


Is this could be the reason why even when i add in my firewall to send RST
packets, it takes me 30 seconds till i get timeout of Connection refused
when i telneting my box on randomly closed ports.. ?

And about TCP_DROP_SYNFIN .. is this could be one of the reasons 'setup'
command 'aint working on my ipfw?

If my speculations are true... Why those kernel options are used for?

Thanks,

          Liran Dahan (lirandb@netvision.net.il)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message