From owner-freebsd-security  Tue May 29 13:59: 7 2001
Delivered-To: freebsd-security@freebsd.org
Received: from i-sphere.com (shell.i-sphere.com [209.249.146.70])
	by hub.freebsd.org (Postfix) with ESMTP id D914F37B423
	for <freebsd-security@FreeBSD.ORG>; Tue, 29 May 2001 13:59:02 -0700 (PDT)
	(envelope-from fasty@i-sphere.com)
Received: (from fasty@localhost)
	by i-sphere.com (8.11.3/8.11.3) id f4TL2BP12260;
	Tue, 29 May 2001 14:02:11 -0700 (PDT)
	(envelope-from fasty)
Date: Tue, 29 May 2001 14:02:10 -0700
From: faSty <fasty@i-sphere.com>
To: Liran Dahan <lirandb@netvision.net.il>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Syn+Fin (Setup) And TCP RST
Message-ID: <20010529140207.A12246@i-sphere.com>
References: <010f01c0e888$5ab3c120$b88f39d5@a> <007501c0e881$c86a78a0$0101a8c0@cascade>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <007501c0e881$c86a78a0$0101a8c0@cascade>; from veldy@veldy.net on Tue, May 29, 2001 at 03:56:07PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I have TCP_DROP_SYNFIN and RST enabled on my server. I have no problem
connection via telnet or any service.

-trev


On Tue, May 29, 2001 at 03:56:07PM -0500, Thomas T. Veldhouse wrote:
> NO.  I have those options in my kernel and I have no such trouble connecting
> via telnet.
> 
> Tom Veldhouse
> veldy@veldy.net
> 
> PS  HTML is a bit inappropriate for a public mailing list.
> 
> ----- Original Message -----
> From: Liran Dahan
> To: freebsd-security@freebsd.org
> Sent: Tuesday, May 29, 2001 4:43 PM
> Subject: Syn+Fin (Setup) And TCP RST
> 
> 
> I've added those 2 options in my kernel long time ago:
> options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
> options         TCP_RESTRICT_RST        #restrict emission of TCP RST
> 
> 
> Is this could be the reason why even when i add in my firewall to send RST
> packets, it takes me 30 seconds till i get timeout of Connection refused
> when i telneting my box on randomly closed ports.. ?
> 
> And about TCP_DROP_SYNFIN .. is this could be one of the reasons 'setup'
> command 'aint working on my ipfw?
> 
> If my speculations are true... Why those kernel options are used for?
> 
> Thanks,
> 
>           Liran Dahan (lirandb@netvision.net.il)
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message