Date: Mon, 17 Dec 2001 09:31:03 +0200
From: Paulius Bulotas <paulius@kaktusas.org>
To: freebsd-security@freebsd.org
Subject: options TCP_DROP_SYNFIN
Message-ID: <20011217073102.GA94480@noname>

Hello,

in LINT there is a comment for ^ option:

# TCP_DROP_SYNFIN adds support for ignoring TCP packets with
# SYN+FIN. This prevents nmap et al. from identifying the
# TCP/IP stack, but breaks support for RFC1644 extensions
# and is not recommended for web servers.

So, what's wrong if it is included/enabled on a web server? I've read the RFC quickly, but haven't found anything that would be useful for web servers (or is that only intended for future use?) and that is really widely used at this time.
Can anyone explain why enabling this option is wrong on a web server?

Regards,
Paulius

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011217073102.GA94480>