From owner-freebsd-security  Fri Sep 18 22:40:59 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA23309
          for freebsd-security-outgoing; Fri, 18 Sep 1998 22:40:59 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.224.24])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA23288
          for <security@freebsd.org>; Fri, 18 Sep 1998 22:40:56 -0700 (PDT)
          (envelope-from avalon@coombs.anu.edu.au)
Message-Id: <199809190540.WAA23288@hub.freebsd.org>
Received: by cheops.anu.edu.au
	(1.37.109.16/16.2) id AA131023619; Sat, 19 Sep 1998 15:40:19 +1000
From: Darren Reed <avalon@coombs.anu.edu.au>
Subject: stopping "nack" `stealth' scanning.
To: bugtraq@netspace.org
Date: Sat, 19 Sep 1998 15:40:19 +1000 (EST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

One of the other ways to stealth scan is observing which ports no
reply is received for.  This patch causes RST's to be generated when
sending (for example) a FIN to a listening socket, the same as in all
other occasions.  Patch provided by mycroft.

Darren


*** tcp_input.c.orig	Sat Sep 19 14:52:06 1998
--- tcp_input.c	Sat Sep 19 14:24:22 1998
***************
*** 618,624 ****
  						tiwin <<= tp->snd_scale;
  						goto after_listen;
  					}
!   				}
  			} else {
  				/*
  				 * Received a SYN.
--- 618,625 ----
  						tiwin <<= tp->snd_scale;
  						goto after_listen;
  					}
!   				} else
! 					goto badsyn;
  			} else {
  				/*
  				 * Received a SYN.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message