Date: 12 Jan 2000 09:30:44 +0100
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Brad Knowles <blk@skynet.be>, Holtor <holtor@yahoo.com>, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: Kernel Option: TCP_DROP_SYNFIN
Message-ID: <xzphfgjr8sr.fsf@flood.ping.uio.no>
In-Reply-To: Cy Schubert - ITSD Open Systems Group's message of "Tue, 11 Jan 2000 11:46:43 -0800"
References: <200001111947.LAA55191@cwsys.cwsent.com>
Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> writes:
> In message <xzpya9xq9sq.fsf@flood.ping.uio.no>, Dag-Erling Smorgrav
> writes:
> > It doesn't have anything to do with syn floods at all. It merely
> > prevents OS fingerprinting (at least the way nmap does it).
> The following ipfw rule will also prevent OS fingerprinting.
>
> deny log tcp from any to any in tcpflg fin,syn

It does precisely the same thing as TCP_DROP_SYNFIN, except much slower.

> Would this too have problems with TTCP? The reason I ask is that I've
> been using this rule ever since 2.2.x (cannot remember the exact
> date) and I haven't had any problems with TTCP enabled. I know I
> should look at the RFC (and I will after lunch), but I'll ask anyway.
> Does TTCP use packets with SYN/FIN set?

Yes, if the request (or reply) is short enough to fit in a single
segment, which is exceedingly rare these days.

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
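As an added illustration of what TCP_DROP_SYNFIN and the quoted ipfw rule actually test for (not code from the thread or from FreeBSD), the snippet below parses the flags byte of a raw TCP header and applies the same verdict: drop any inbound segment carrying both SYN and FIN, pass everything else. It assumes segments are handed in as raw TCP header bytes without the IP header; the sample segments are constructed inline, not captured traffic.

```python
import struct

# TCP flag bits from RFC 793; they live in byte 13 of the TCP header.
TH_FIN = 0x01
TH_SYN = 0x02
TH_RST = 0x04
TH_PSH = 0x08
TH_ACK = 0x10


def tcp_flags(segment: bytes) -> int:
    """Return the flags byte of a raw TCP segment (no IP header in front)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13]


def synfin_verdict(segment: bytes) -> str:
    """Same decision as TCP_DROP_SYNFIN / 'deny tcp ... tcpflg fin,syn':
    a segment with SYN and FIN both set is dropped, anything else passes.
    Note the caveat from the thread: a T/TCP transaction that fits in one
    segment legitimately sets SYN and FIN together and would be dropped too."""
    flags = tcp_flags(segment)
    if flags & TH_SYN and flags & TH_FIN:
        return "drop"
    return "pass"


def make_segment(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Construct a minimal 20-byte TCP header with the given flags.
    Checksum and sequence numbers are zero: this is sample data, not a capture."""
    data_offset = 5 << 4  # header length 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       data_offset, flags, 65535, 0, 0)


def filter_segments(segments):
    """Apply the SYN/FIN filter to a list of (label, raw_segment) pairs."""
    return [(label, synfin_verdict(seg)) for label, seg in segments]


# Constructed samples: a normal handshake SYN, a SYN/FIN fingerprint-style
# probe, and a normal FIN/ACK close.
SAMPLE = [
    ("normal SYN", make_segment(TH_SYN)),
    ("SYN/FIN probe", make_segment(TH_SYN | TH_FIN)),
    ("FIN/ACK close", make_segment(TH_FIN | TH_ACK)),
]

if __name__ == "__main__":
    for label, verdict in filter_segments(SAMPLE):
        print(f"{label:15s} -> {verdict}")
```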