Date: Tue, 29 May 2001 14:07:30 -0700
From: faSty
To: Liran Dahan
Cc: freebsd-security@freebsd.org
Subject: Re: Syn+Fin (Setup) And TCP RST

Make sure your box is able to resolve 192.115.25.1. If it doesn't resolve,
it takes forever to let you enter the box via telnet. It happened to me
once or twice. Add that address in /etc/hosts:

192.115.25.1 hostname

or localhost, whatever you like.

-trev

On Wed, May 30, 2001 at 12:00:30AM +0200, Liran Dahan wrote:
> I have no problem connecting via telnet either..
> What I meant is that when I telnet, for example,
> to IP 192.115.25.1 (let's say it's my FreeBSD with a firewall and a rule to reset
> TCP requests), it takes at least 30 seconds till I get the message
> connection refused.. and I want it to take 1 sec.. so that people won't even know
> I have a firewall installed...
> And I'm pretty sure this RST option is causing some problems.
>
> Thanks,
>
> Liran Dahan (lirandb@netvision.net.il)
>
> ----- Original Message -----
> From: "Thomas T. Veldhouse"
> To: "Liran Dahan" ;
> Sent: Tuesday, May 29, 2001 10:56 PM
> Subject: Re: Syn+Fin (Setup) And TCP RST
>
>
> > NO. I have those options in my kernel and I have no such trouble connecting
> > via telnet.
> >
> > Tom Veldhouse
> > veldy@veldy.net
> >
> > PS HTML is a bit inappropriate for a public mailing list.
> >
> > ----- Original Message -----
> > From: Liran Dahan
> > To: freebsd-security@freebsd.org
> > Sent: Tuesday, May 29, 2001 4:43 PM
> > Subject: Syn+Fin (Setup) And TCP RST
> >
> >
> > I added these 2 options to my kernel a long time ago:
> > options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
> > options TCP_RESTRICT_RST #restrict emission of TCP RST
> >
> >
> > Could this be the reason why, even when I add a rule in my firewall to send RST
> > packets, it takes me 30 seconds till I get a timeout of Connection refused
> > when I telnet to my box on randomly closed ports..?
> >
> > And about TCP_DROP_SYNFIN.. could this be one of the reasons the 'setup'
> > command ain't working on my ipfw?
> >
> > If my speculations are true... What are those kernel options used for?
> >
> > Thanks,
> >
> > Liran Dahan (lirandb@netvision.net.il)
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message