From: "Dennis Jun"
To: "Pavol Adamec"
Subject: Re: TCP_DROP_SYNFIN doesn't work?
Date: Tue, 16 Jan 2001 03:09:18 -0500

I have also implemented TCP_RESTRICT_RST as well.

# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
# prevents nmap et al. from identifying the TCP/IP stack,...

That is from LINT. Thus the reason for my question. My friend just upgraded
his Linux kernel to 2.4.0 with the same option and it works for him. Thus I'm
suspecting I'm doing something wrong but I wanted to know if others had this
problem as well.

----- Original Message -----
From: "Pavol Adamec"
To: "Dennis Jun"
Sent: Tuesday, January 16, 2001 3:02 AM
Subject: Re: TCP_DROP_SYNFIN

> I'm not sure what you exactly meant by that but:
>
> TCP_DROP_SYNFIN forces kernel to drop packets with BOTH SYN and
> FIN flags set. nmap -sS is a "half-open scan" - it sends packets
> with only SYN flag set.
> What you likely want is TCP_RESTRICT_RST - not to emit RST for SYN
> packets to non-listening ports.
>
> Paul
>
> Dennis Jun wrote:
> >
> > I have compiled this option in my kernel on 3 different FreeBSD boxes
> > (4.1.1-STABLE, 4.1-RELEASEs) and I have noticed that it doesn't work all
> > the time. Specifically with this scan nmap -v -O -sS . Is it just me or
> > does this not work for other people as well?
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message