Date: Wed, 28 Jun 95 11:57:39 MDT From: terry@cs.weber.edu (Terry Lambert) To: lists@tar.com Cc: guido@gvr.win.tue.nl, hackers@freebsd.org Subject: Re: ipfw code Message-ID: <9506281757.AA16552@cs.weber.edu> In-Reply-To: <199506281236.HAA00903@ns.tar.com> from "Richard Seaman, Jr" at Jun 28, 95 07:36:46 am
next in thread | previous in thread | raw e-mail | index | archive | help
> I'm not sure I follow this. If the goal is to prevent inbound TCP > connection requests, I would think the filter should block TCP packets > with the SYN bit set and the ACK bit clear, but allow those in which > both the SYN bit and ACK bit are both set? > > I would think the goal of blocking on syn is to prevent inbound > connections but allow outbound connections? NFS spoofing is still possible if only syn packets are blocked. Terry Lambert terry@cs.weber.edu --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9506281757.AA16552>