From owner-freebsd-security Thu Jan 18 6:17: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17])
	by hub.freebsd.org (Postfix) with ESMTP id 6E5CF37B402
	for ; Thu, 18 Jan 2001 06:16:49 -0800 (PST)
Received: from roman (helo=localhost)
	by jamus.xpert.com with local-esmtp (Exim 3.12 #5)
	id 14JFrp-0004Qw-00; Thu, 18 Jan 2001 16:16:45 +0200
Date: Thu, 18 Jan 2001 16:16:45 +0200 (IST)
From: Roman Shterenzon
To: Pavol Adamec
Cc:
Subject: Re: TCP_DROP_SYNFIN
In-Reply-To: <3A63FFF9.8E64A6AA@tempest.sk>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 16 Jan 2001, Pavol Adamec wrote:

> I'm not sure what you exactly meant by that but:
>
> TCP_DROP_SYNFIN forces kernel to drop packets with BOTH SYN and
> FIN flags set. nmap -sS is a "half-open scan" - it sends packets
> with only SYN flag set.
> What you likely want is TCP_RESTRICT_RST - not to emit RST for SYN
> packets to non-listening ports.

I thought that this is what blackhole(4) is for. Can you explain?

>
> Paul
>
> Dennis Jun wrote:
> >
> > I have compiled this option in my kernel on 3 different FreeBSD boxes
> > (4.1.1-STABLE, 4.1-RELEASEs) and I have noticed that it doesn't work all
> > the time. Specifically with this scan nmap -v -O -sS . Is it just me or
> > does this not work for other people as well?
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
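An added illustration of the distinction Pavol draws in the quoted text above (not code from this thread or from the FreeBSD kernel): a user-space C model of a "drop if both SYN and FIN are set" test, applied to constructed TCP headers. The function names and the sample ports are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_ACK 0x10

/* Return the TCP flags byte, or -1 if the segment is truncated or its
 * data offset is invalid (less than 5 words, or beyond the buffer). */
int tcp_flags(const uint8_t *seg, size_t len)
{
    if (len < 20)
        return -1;
    size_t hdr_len = (size_t)(seg[12] >> 4) * 4;
    if (hdr_len < 20 || hdr_len > len)
        return -1;
    return seg[13];
}

/* 1 if a "drop SYN+FIN" rule would discard the segment, 0 if it passes,
 * -1 if the header cannot be parsed. Other flag bits are ignored. */
int synfin_rule_drops(const uint8_t *seg, size_t len)
{
    int f = tcp_flags(seg, len);
    if (f < 0)
        return -1;
    return (f & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN);
}

/* Build a constructed 20-byte header (sample ports 40000 -> 80). */
void make_segment(uint8_t seg[20], uint8_t flags)
{
    for (int i = 0; i < 20; i++)
        seg[i] = 0;
    seg[0] = 0x9c; seg[1] = 0x40;   /* source port 40000 */
    seg[2] = 0x00; seg[3] = 0x50;   /* destination port 80 */
    seg[12] = 5 << 4;               /* data offset: 5 words, no options */
    seg[13] = flags;
}

int main(void)
{
    uint8_t seg[20];
    make_segment(seg, TH_SYN);            /* what a half-open scan sends */
    printf("SYN only: drop=%d\n", synfin_rule_drops(seg, sizeof seg));
    make_segment(seg, TH_SYN | TH_FIN);   /* the only case the rule matches */
    printf("SYN+FIN:  drop=%d\n", synfin_rule_drops(seg, sizeof seg));
    return 0;
}
```

A SYN-only segment never matches the rule, which is why the option has no effect on a half-open scan.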