Date: Sun, 2 Mar 2003 20:51:38 -0800
From: Sean Chittenden <sean@chittenden.org>
To: freebsd-ipfw@freebsd.org
Subject: ACK+RST useful?
Message-ID: <20030303045138.GQ79234@perrin.int.nxad.com>

I'm confused as to what the point is of having a packet with the RST and ACK flags set. In legitimate use, an RST+ACK packet is only sent after the connection has been closed. With stateful firewalls, this can cause a great deal of logging of packets that are legit and a part of the spec, but are by and large worthless as far as I can tell.

I've read through RFC 793 and, as best as I can tell, with a stateful firewall it strikes me as being _okay_ to have a drop rule (following the check-state rule) for packets that have the RST+ACK bits set. Am I wrong or missing something with this assertion?

-sc

--
Sean Chittenden
