Date:      Sat, 19 Sep 1998 15:40:19 +1000 (EST)
From:      Darren Reed <avalon@coombs.anu.edu.au>
To:        bugtraq@netspace.org
Subject:   stopping "nack" `stealth' scanning.
Message-ID:  <199809190540.WAA23288@hub.freebsd.org>

One of the other ways to stealth scan is observing which ports no
reply is received for.  This patch causes RST's to be generated when
sending (for example) a FIN to a listening socket, the same as in all
other occasions.  Patch provided by mycroft.

Darren


*** tcp_input.c.orig	Sat Sep 19 14:52:06 1998
--- tcp_input.c	Sat Sep 19 14:24:22 1998
***************
*** 618,624 ****
  						tiwin <<= tp->snd_scale;
  						goto after_listen;
  					}
!   				}
  			} else {
  				/*
  				 * Received a SYN.
--- 618,625 ----
  						tiwin <<= tp->snd_scale;
  						goto after_listen;
  					}
!   				} else
! 					goto badsyn;
  			} else {
  				/*
  				 * Received a SYN.
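Review bot: the added `else goto badsyn;` (new lines 621-622) is an unbraced branch placed between closing braces and directly before the `} else {` that opens the "Received a SYN" case, so it is easy to misread which `if` it pairs with; brace it and add a one-line comment naming the segments that reach it (per the description, ones such as a bare FIN sent to a listening socket). The `badsyn` label lies outside this hunk, so the RST behaviour stated in the message cannot be confirmed from these lines; wider context or a quoted copy of that target would let readers check it. The file header gives only `tcp_input.c` with no directory or revision, so the mail should also say which source tree the patch applies to.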

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
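The reply asymmetry the message describes, as an added example that is not part of the original post or the patch: a simplified model of how a closed port and a listening socket answer each TCP flag combination, following the RFC 793 rules for the CLOSED and LISTEN states, used to check that the patched policy no longer reveals listeners. The names `closed_reply`, `listen_reply`, `leaking_combinations` and the `patched` switch are assumptions made for illustration; this is not the kernel's tcp_input.c code.

```c
#include <stdio.h>

/* TCP header flag bits (RFC 793). */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20

enum reply { R_NONE, R_RST, R_SYNACK };

/* RFC 793 CLOSED state: an RST is ignored, anything else is answered with RST. */
static enum reply closed_reply(unsigned flags)
{
    return (flags & TH_RST) ? R_NONE : R_RST;
}

/* Simplified LISTEN state (assumed model, not the kernel code).
 * patched == 0: segments that are neither RST, ACK nor SYN are dropped.
 * patched == 1: those segments get an RST, as the message describes. */
static enum reply listen_reply(unsigned flags, int patched)
{
    if (flags & TH_RST) return R_NONE;
    if (flags & TH_ACK) return R_RST;
    if (flags & TH_SYN) return R_SYNACK;
    return patched ? R_RST : R_NONE;
}

/* Count non-SYN flag combinations whose reply differs between a
 * listening socket and a closed port, i.e. reveals the listener. */
static int leaking_combinations(int patched)
{
    unsigned flags;
    int leaks = 0;
    for (flags = 0; flags < 0x40; flags++) {
        if (flags & TH_SYN)
            continue;  /* a SYN is answered differently by design */
        if (listen_reply(flags, patched) != closed_reply(flags))
            leaks++;
    }
    return leaks;
}

int main(void)
{
    printf("unpatched: %d leaking flag combinations\n", leaking_combinations(0));
    printf("patched:   %d leaking flag combinations\n", leaking_combinations(1));
    return 0;
}
```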
