Date: Wed, 15 Jan 2003 00:21:16 -0800 (PST)
From: Josh Brooks
To: freebsd-hackers@freebsd.org
Subject: simple tcp question (syn, no mss)
Message-ID: <20030115002040.T39623-100000@mail.econolodgetulsa.com>

Will I ever see a _legitimate_ packet in the wild that is a SYN, and has no MSS?

If the answer is no, then is this a good rule to block those:

ipfw add 00001 deny tcp from any to any tcpflags syn tcpoptions !mss

Or is this one better:

ipfw add 00002 deny tcp from any to any setup tcpoptions !mss

-----

I am simply trying to place a rule which blocks those packets and does not deny _any_ legitimate traffic (I don't consider nmapping to be legit for this discussion) - this is all provided that I am correct that there are no _legitimate_ packets in the wild that have a SYN and no MSS.

thanks.
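
The match conditions of the two rules in the message above, modelled in Python as an added example (not part of the original post and not ipfw's own code): per ipfw(8), `tcpflags syn` matches any segment with SYN set, `setup` is short for `tcpflags syn,!ack`, and `tcpoptions !mss` matches when no MSS option is present. The function names and the sample headers are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2   # TCP option kinds (RFC 793)

def tcp_options(segment):
    """Return {kind: data} for the options in a raw TCP header (bytes)."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    hdr_len = (segment[12] >> 4) * 4            # data offset, in bytes
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad data offset")
    opts, i, raw = {}, 0, segment[20:hdr_len]
    while i < len(raw):
        kind = raw[i]
        if kind == OPT_EOL:                     # end of option list
            break
        if kind == OPT_NOP:                     # one-byte padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            break                               # malformed length: stop walking
        opts[kind] = raw[i + 2:i + raw[i + 1]]
        i += raw[i + 1]
    return opts

def classify(segment):
    """Which of the two deny rules from the message would match this header."""
    no_mss = OPT_MSS not in tcp_options(segment)
    flags = segment[13]
    return {
        # 00001: tcpflags syn tcpoptions !mss  (SYN set, other flags ignored)
        "rule_00001": bool(flags & SYN) and no_mss,
        # 00002: setup tcpoptions !mss         (SYN set and ACK clear)
        "rule_00002": bool(flags & SYN) and not flags & ACK and no_mss,
    }

def build(flags, options=b""):
    """Constructed sample header: ports 40000 -> 80, seq/ack 0, window 65535."""
    options += b"\x00" * (-len(options) % 4)    # pad to a 32-bit boundary
    off = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 0, 0,
                       off << 4, flags, 65535, 0, 0) + options

MSS_1460 = b"\x02\x04\x05\xb4"                  # kind 2, length 4, value 1460

if __name__ == "__main__":
    for name, seg in [("SYN + MSS", build(SYN, MSS_1460)),
                      ("SYN, no options", build(SYN)),
                      ("SYN+ACK, no options", build(SYN | ACK))]:
        print(name, classify(seg))
```

On these constructed headers, rule 00001 also matches a SYN+ACK that lacks MSS, while rule 00002 matches only the initial SYN. RFC 1122 has a receiver assume a default MSS of 536 when the option is absent.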