From owner-freebsd-questions Tue Jan 11 11:51:51 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
    by hub.freebsd.org (Postfix) with ESMTP id 8973B154D4;
    Tue, 11 Jan 2000 11:51:43 -0800 (PST)
    (envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost)
    by point.osg.gov.bc.ca (8.8.7/8.8.8) id LAA30658;
    Tue, 11 Jan 2000 11:47:55 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP
    by point.osg.gov.bc.ca, id smtpda30656; Tue Jan 11 11:47:43 2000
Received: (from uucp@localhost)
    by passer.osg.gov.bc.ca (8.9.3/8.9.1) id LAA38198;
    Tue, 11 Jan 2000 11:47:42 -0800 (PST)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP
    by passer9.cwsent.com, id smtpdc38196; Tue Jan 11 11:47:36 2000
Received: (from uucp@localhost)
    by cwsys.cwsent.com (8.9.3/8.9.1) id LAA55191;
    Tue, 11 Jan 2000 11:47:35 -0800 (PST)
Message-Id: <200001111947.LAA55191@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP
    by localhost.cwsent.com, id smtpdL55184; Tue Jan 11 11:46:44 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 3.4-RELEASE
X-Sender: cy
To: Dag-Erling Smorgrav
Cc: Brad Knowles, Holtor, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: Kernel Option: TCP_DROP_SYNFIN
In-reply-to: Your message of "11 Jan 2000 09:42:13 +0100."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 11 Jan 2000 11:46:43 -0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message , Dag-Erling Smorgrav writes:
> Brad Knowles writes:
> > At 12:18 PM -0800 2000/1/9, Holtor wrote:
> > > Would this help stop SYN floods from breaking my
> > > freebsd computer? if anyone's tried it, please speak
> > > up with any results or how it works. Thanks!
> >
> > I've used it and haven't seen it do any harm to the systems I was
> > using it on, although I can't speak for how well it might have helped
> > them survive a SYN flood. Unless you're using TTCP (TCP for
> > Transactions), you should probably be safe in enabling it.
>
> It doesn't have anything to do with syn floods at all. It merely
> prevents OS fingerprinting (at least the way nmap does it).

The following ipfw rule will also prevent OS fingerprinting.

    deny log tcp from any to any in tcpflg fin,syn

Would this too have problems with TTCP? The reason I ask is that I've
been using this rule ever since 2.2.x (cannot remember the exact
date) and I haven't had any problems with TTCP enabled. I know I should
look at the RFC (and I will after lunch), but I'll ask anyway. Does
TTCP use packets with SYN/FIN set?


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD
Province of BC
                      "e**(i*pi)+1=0"
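
The flag test behind a rule such as "tcpflg fin,syn", written out as an added example (not part of the original message and not ipfw's own code): it classifies constructed IPv4/TCP headers, including the SYN+FIN+PSH combination that a T/TCP (RFC 1644) client can send in its opening segment. The names synfin_match and make_pkt are hypothetical, and treating non-first fragments as non-matching is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_PUSH 0x08
#define TH_ACK  0x10

/* 1 if the IPv4/TCP packet has both SYN and FIN set, 0 if the test
 * does not apply or does not match, -1 if the packet cannot be parsed. */
int synfin_match(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                      /* truncated or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl)
        return -1;                      /* bad IP header length */
    if (pkt[9] != 6)
        return 0;                       /* not TCP */
    if ((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff)
        return 0;                       /* non-first fragment: no TCP header here */
    if (len < ihl + 14)
        return -1;                      /* flags byte is missing */
    uint8_t flags = pkt[ihl + 13];
    return (flags & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN);
}

/* Fill a constructed 40-byte IPv4+TCP header carrying the given flags. */
void make_pkt(uint8_t out[40], uint8_t flags)
{
    for (int i = 0; i < 40; i++)
        out[i] = 0;
    out[0] = 0x45;                      /* IPv4, IHL = 5 words */
    out[3] = 40;                        /* total length */
    out[8] = 64;                        /* TTL */
    out[9] = 6;                         /* protocol = TCP */
    out[20 + 12] = 0x50;                /* TCP data offset = 5 words */
    out[20 + 13] = flags;
}

int main(void)
{
    uint8_t p[40];
    const uint8_t cases[] = { TH_SYN, TH_SYN | TH_FIN,
                              TH_SYN | TH_FIN | TH_PUSH, TH_FIN | TH_ACK };
    for (size_t i = 0; i < sizeof cases; i++) {
        make_pkt(p, cases[i]);
        printf("flags 0x%02x -> %d\n", cases[i], synfin_match(p, sizeof p));
    }
    return 0;
}
```
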