From owner-freebsd-net@FreeBSD.ORG  Mon Oct 22 18:18:38 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 6C218419
 for <freebsd-net@freebsd.org>; Mon, 22 Oct 2012 18:18:38 +0000 (UTC)
 (envelope-from s.khanchi@gmail.com)
Received: from mail-ie0-f182.google.com (mail-ie0-f182.google.com
 [209.85.223.182])
 by mx1.freebsd.org (Postfix) with ESMTP id 290608FC08
 for <freebsd-net@freebsd.org>; Mon, 22 Oct 2012 18:18:37 +0000 (UTC)
Received: by mail-ie0-f182.google.com with SMTP id k10so5471377iea.13
 for <freebsd-net@freebsd.org>; Mon, 22 Oct 2012 11:18:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:from:date
 :x-google-sender-auth:message-id:subject:to:cc:content-type;
 bh=pM1bQ+1oirf9udNvcy5AInbFe1HgQ5g9+0uqjjhhnFE=;
 b=LVIlBoxjsc6k0ZwHNvANCGavr+iypspWFdmU7g/G0UVmbVaUVRdhKY/UL5Ig19Km/K
 iQmbkGMKV3i6ESpz03rCRmMUWPNfP3cTLKBMYtDYFzWCJMBBWjeJj2a0AKT5VckPlPJ3
 xwonrw10KoX11Q2z+rwwEiunYo9bMOSvSbv4CzieWcKnubVExShRHTdvytjTJXYKFgBb
 ivmG6BrRNiTxuvn+7qmaNgM/8RjEqlsnsFCBB0N74gIWJXDN3Tk0CHUZdba+uxz8BQTq
 Wg5KxE7aij5l8oTR3O13SiwZbpNf1n1rOnlxxW+5n6lN3QMaKXKiBmv9CMLBVWSGrRVR
 jcPA==
Received: by 10.50.94.198 with SMTP id de6mr10047755igb.49.1350929917270; Mon,
 22 Oct 2012 11:18:37 -0700 (PDT)
MIME-Version: 1.0
Sender: s.khanchi@gmail.com
Received: by 10.64.51.234 with HTTP; Mon, 22 Oct 2012 11:18:17 -0700 (PDT)
In-Reply-To: <5080039E.9070202@networx.ch>
References: <CAARSjE15=zkw0V3hWFgmt0drnAOzB+UZ9TGZo+4Z9UcgNLPG4A@mail.gmail.com>
 <5080039E.9070202@networx.ch>
From: h bagade <bagadeh@gmail.com>
Date: Mon, 22 Oct 2012 21:48:17 +0330
X-Google-Sender-Auth: GAOZxRl-RXXxUnlmHlNlTe0GEog
Message-ID: <CAARSjE0R1qU2=gcm0g4iWWAFUfZgdajd=5O4bECa8k37qLFWGA@mail.gmail.com>
Subject: Re: TCP_DROP_SYNFIN kernel option side effects?!
To: Andre Oppermann <oppermann@networx.ch>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.14
Cc: freebsd-net@freebsd.org
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Oct 2012 18:18:38 -0000

Thanks Andre for your answer:)

On Thu, Oct 18, 2012 at 4:56 PM, Andre Oppermann <oppermann@networx.ch>wrote:

> On 16.10.2012 17:27, h bagade wrote:
>
>> Hi all,
>>
>> I need to add this option to kernel in order to defeating Nmap
>> OS-Fingerprinting. My system is running as Web Server and  also it is the
>> gateway on the network.
>> I want to know if setting this option has any side effects on other parts
>> of the system? Is there any situation that SYN and FIN bits are set both
>> in
>> TCP packets? Is it a normal situation?
>>
>
> SYN and FIN is not normal. Doing TCP_DROP_SYNFIN is not RFC compliant
> but doesn't cause any problems.
>
> --
> Andre
>
>