From owner-freebsd-security Tue May 29 14: 0:28 2001
Message-ID: <00c501c0e88a$c6dd59e0$b88f39d5@a>
From: "Liran Dahan"
References: <010f01c0e888$5ab3c120$b88f39d5@a> <007501c0e881$c86a78a0$0101a8c0@cascade>
Subject: Re: Syn+Fin (Setup) And TCP RST
Date: Wed, 30 May 2001 00:00:30 +0200

I have no problem connecting via telnet either.

What I meant is that when I telnet, for example, to IP 192.115.25.1 (let's say it's my FreeBSD with a firewall and a rule to reset TCP requests), it takes at least 30 seconds till I get the message "connection refused", and I want it to take 1 sec, so that people won't even know I have a firewall installed... and I'm pretty sure this RST option is causing some problems.

Thanks,
Liran Dahan (lirandb@netvision.net.il)

----- Original Message -----
From: "Thomas T. Veldhouse"
To: "Liran Dahan"
Sent: Tuesday, May 29, 2001 10:56 PM
Subject: Re: Syn+Fin (Setup) And TCP RST

> NO. I have those options in my kernel and I have no such trouble connecting
> via telnet.
>
> Tom Veldhouse
> veldy@veldy.net
>
> PS HTML is a bit inappropriate for a public mailing list.
>
> ----- Original Message -----
> From: Liran Dahan
> To: freebsd-security@freebsd.org
> Sent: Tuesday, May 29, 2001 4:43 PM
> Subject: Syn+Fin (Setup) And TCP RST
>
>
> I added these 2 options to my kernel a long time ago:
> options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
> options TCP_RESTRICT_RST #restrict emission of TCP RST
>
>
> Could this be the reason why, even when I add a rule in my firewall to send RST
> packets, it takes 30 seconds till I get a timeout of "Connection refused"
> when I telnet to my box on randomly chosen closed ports?
>
> And about TCP_DROP_SYNFIN: could this be one of the reasons the 'setup'
> command ain't working on my ipfw?
>
> If my speculations are true, what are those kernel options used for?
>
> Thanks,
>
> Liran Dahan (lirandb@netvision.net.il)