From owner-freebsd-stable Wed Jan 12 0:30:59 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 7DEBF14C80;
	Wed, 12 Jan 2000 00:30:49 -0800 (PST)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id JAA76720;
	Wed, 12 Jan 2000 09:30:45 +0100 (CET)
	(envelope-from des@flood.ping.uio.no)
To: Cy Schubert - ITSD Open Systems Group
Cc: Brad Knowles , Holtor , freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: Kernel Option: TCP_DROP_SYNFIN
References: <200001111947.LAA55191@cwsys.cwsent.com>
From: Dag-Erling Smorgrav
Date: 12 Jan 2000 09:30:44 +0100
In-Reply-To: Cy Schubert - ITSD Open Systems Group's message of "Tue, 11 Jan 2000 11:46:43 -0800"
Message-ID:
Lines: 23
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Cy Schubert - ITSD Open Systems Group writes:
> In message , Dag-Erling Smorgrav
> writes:
> > It doesn't have anything to do with syn floods at all. It merely
> > prevents OS fingerprinting (at least the way nmap does it).
> The following ipfw rule will also prevent OS fingerprinting.
>
> deny log tcp from any to any in tcpflg fin,syn

It does precisely the same thing as TCP_DROP_SYNFIN, except much
slower.

> Would this too have problems with TTCP? The reason I ask is that I've
> been using this rule ever since 2.2.x (cannot remember the exact
> date) and I haven't had any problems with TTCP enabled. I know I
> should look at the RFC (and I will after lunch), but I'll ask anyway.
> Does TTCP use packets with SYN/FIN set?

Yes, if the request (or reply) is short enough to fit in a single
segment, which is exceedingly rare these days.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
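
Added example, not part of the original message and not FreeBSD kernel or ipfw code: a small C check that applies the SYN+FIN test discussed in the thread to raw TCP headers, showing that a bare SYN+FIN segment and a single-segment T/TCP request hit the same drop decision. The function names and the three sample segments are constructed for illustration; the T/TCP sample assumes the CC option (kind 11, length 6) from RFC 1644.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02

/* Header length from the data-offset field, or 0 if the buffer is malformed. */
static size_t tcp_hdrlen(const uint8_t *seg, size_t len)
{
    if (seg == NULL || len < 20) return 0;
    size_t h = (size_t)(seg[12] >> 4) * 4;
    return (h < 20 || h > len) ? 0 : h;
}

/* 1 = dropped by a SYN+FIN filter, 0 = passed, -1 = malformed header. */
int synfin_would_drop(const uint8_t *seg, size_t len)
{
    if (tcp_hdrlen(seg, len) == 0) return -1;
    return (seg[13] & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN);
}

/* Payload bytes carried after the header, or -1 if malformed. */
long tcp_payload_len(const uint8_t *seg, size_t len)
{
    size_t h = tcp_hdrlen(seg, len);
    return h ? (long)(len - h) : -1;
}

/* Constructed samples (checksums left zero; not captured traffic). */
const uint8_t PLAIN_SYN[20] = { 0x04,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0,
                                0x50, 0x02, 0x40,0x00, 0,0, 0,0 };
const uint8_t BARE_SYNFIN[20] = { 0x04,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0,
                                  0x50, 0x03, 0x40,0x00, 0,0, 0,0 };
/* T/TCP-style request: SYN|FIN|PSH, NOP NOP CC option (kind 11), 7 data bytes. */
const uint8_t TTCP_REQ[35] = { 0x04,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0,
                               0x70, 0x0b, 0x40,0x00, 0,0, 0,0,
                               1, 1, 11, 6, 0,0,0,1,
                               'G','E','T',' ','/','\r','\n' };

int main(void)
{
    printf("plain SYN    drop=%d\n", synfin_would_drop(PLAIN_SYN, sizeof PLAIN_SYN));
    printf("bare SYN+FIN drop=%d\n", synfin_would_drop(BARE_SYNFIN, sizeof BARE_SYNFIN));
    printf("T/TCP req    drop=%d payload=%ld\n",
           synfin_would_drop(TTCP_REQ, sizeof TTCP_REQ),
           tcp_payload_len(TTCP_REQ, sizeof TTCP_REQ));
    return 0;
}
```

The flag test alone cannot tell the two SYN+FIN segments apart; only the payload length and options differ, which neither the kernel option nor the quoted ipfw rule inspects.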