Date: Tue, 11 Jan 2000 21:41:43 +0100 From: Brad Knowles <blk@skynet.be> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Dag-Erling Smorgrav <des@flood.ping.uio.no> Cc: Holtor <holtor@yahoo.com>, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG Subject: Re: Kernel Option: TCP_DROP_SYNFIN Message-ID: <v04220815b4a145a0a6db@[195.238.1.121]> In-Reply-To: <200001111947.LAA55191@cwsys.cwsent.com> References: <200001111947.LAA55191@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:46 AM -0800 2000/1/11, Cy Schubert - ITSD Open Systems Group wrote: > The following ipfw rule will also prevent OS fingerprinting. > > deny log tcp from any to any in tcpflg fin,syn > > Would this too have problems with TTCP? Yup. I haven't read the RFC, but I've read the first bit of _TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX(r) Domain Protocols_ by Stevens, and by definition TTCP uses SYN+FIN. -- These are my opinions -- not to be taken as official Skynet policy ____________________________________________________________________ |o| Brad Knowles, <blk@skynet.be> Belgacom Skynet NV/SA |o| |o| Systems Architect, News & FTP Admin Rue Col. Bourg, 124 |o| |o| Phone/Fax: +32-2-706.11.11/12.49 B-1140 Brussels |o| |o| http://www.skynet.be Belgium |o| \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ Unix is like a wigwam -- no Gates, no Windows, and an Apache inside. Unix is very user-friendly. It's just picky who its friends are. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04220815b4a145a0a6db>