From owner-freebsd-questions@FreeBSD.ORG  Thu Aug  7 18:47:55 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 470AD1065976
	for <freebsd-questions@freebsd.org>;
	Thu,  7 Aug 2008 18:47:55 +0000 (UTC)
	(envelope-from freebsd@optiksecurite.com)
Received: from tomts44-srv.bellnexxia.net (tomts44-srv.bellnexxia.net
	[209.226.175.111])
	by mx1.freebsd.org (Postfix) with ESMTP id D3D688FC15
	for <freebsd-questions@freebsd.org>;
	Thu,  7 Aug 2008 18:47:54 +0000 (UTC)
	(envelope-from freebsd@optiksecurite.com)
Received: from toip36-bus.srvr.bell.ca ([67.69.240.37])
	by tomts44-srv.bellnexxia.net
	(InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id
	<20080807184754.RKNS1584.tomts44-srv.bellnexxia.net@toip36-bus.srvr.bell.ca>;
	Thu, 7 Aug 2008 14:47:54 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApoEAO3ZmkhKD7BS/2dsb2JhbACtIw
Received: from mtrlpq02-1242542162.sdsl.bell.ca (HELO [69.69.69.183])
	([74.15.176.82])
	by toip36-bus.srvr.bell.ca with ESMTP; 07 Aug 2008 14:47:49 -0400
Message-ID: <489B431A.7080209@optiksecurite.com>
Date: Thu, 07 Aug 2008 14:46:50 -0400
From: FreeBSD <freebsd@optiksecurite.com>
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: kalin m <kalin@el.net>
References: <489A8EA3.5030102@el.net> <489B3FFD.308@el.net>
In-Reply-To: <489B3FFD.308@el.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Remote host replies to SYN+FIN
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Aug 2008 18:47:55 -0000

kalin m a écrit :
> 
> does anybody have any idea how to resolve this?
> 
> thanks..
> 
> 
> kalin m wrote:
>> hi all...
>> after setting up a pf rule set on one of newly installed freebsd 7 i 
>> did a scan with nessus 3 on that machine
>>
>> the result i got was like this one:
>> http://www.nessus.org/plugins/index.php?view=single&id=11618 how do 
>> 'fix' it using pf?...
>>
>>
>>
>> thanks...
>>
>>
Hi,

I think that you should look at the 'scrub' directive in pf.conf. I 
think that a 'scrub in all' should block that kind of malformed packets.

Martin