Date: Mon, 26 Apr 2004 12:02:30 +0100
From: "Graham Anderson" <ganderson@dusa.co.uk>
To: <freebsd-questions@freebsd.org>
Subject: SYN scans and ipfw/kernel options
Message-ID: <00a201c42b7d$f7f85550$14082486@EINSTEIN>

I'm looking for advice on some options to help against SYN and other stealth scans.

I've compiled my kernel with the TCP_DROP_SYNFIN option but have read that enabling this with tcp_drop_synfin=YES in rc.conf may not be the best thing to do if I want to use httpd.

What are the problems with using tcp_drop_synfin=YES on a web server? Will it break anything, or is this simply non-RFC-compliant? Also, does this simply drop packets with both SYN+FIN or either of them?

Also, trying to config a kernel with TCP_RESTRICT_RST fails as an unknown option. Like ICMP_BANDLIM, is this enabled by default on CURRENT?

If I shouldn't use tcp_drop_synfin=YES in rc.conf on a web server, what rule would be suitable for dropping SYN packets in my ipfw ruleset?

Cheers
Graham

----------------------
Graham Anderson
Dundee University Students Association
DUSA
Airlie Place
Dundee
DD1 4HP
01382 223084
----------------------