Date: Wed, 12 Jan 2000 01:14:22 -0600 From: Nathan Kinsman <nathank@mentisworks.com> To: freebsd-questions@freebsd.org Subject: Re: Kernel Option: TCP_DROP_SYNFIN Message-ID: <387C29CE.4904EBBE@mentisworks.com> References: <200001111947.LAA55191@cwsys.cwsent.com>
Cy Schubert - ITSD Open Systems Group wrote:
>
> In message <xzpya9xq9sq.fsf@flood.ping.uio.no>, Dag-Erling Smorgrav
> writes:
> > Brad Knowles <blk@skynet.be> writes:
> > > At 12:18 PM -0800 2000/1/9, Holtor wrote:
> > > > Would this help stop SYN floods from breaking my
> > > > FreeBSD computer? If anyone's tried it, please speak
> > > > up with any results or how it works. Thanks!
> > > I've used it and haven't seen it do any harm to the systems I was
> > > using it on, although I can't speak for how well it might have helped
> > > them survive a SYN flood. Unless you're using TTCP (TCP for
> > > Transactions), you should probably be safe in enabling it.
> >
> > It doesn't have anything to do with SYN floods at all. It merely
> > prevents OS fingerprinting (at least the way nmap does it).
>
> The following ipfw rule will also prevent OS fingerprinting.
>
> deny log tcp from any to any in tcpflg fin,syn

Are you sure this still works? NMAP 2.3BETA12 does not seem to have a problem fingerprinting a FreeBSD host protected by TCP_DROP_SYNFIN, or using the equivalent IPFilter rule, in the experiments I have done.

--
Nathan Kinsman
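The disagreement in this thread comes down to what the `tcpflg fin,syn` rule (and the TCP_DROP_SYNFIN kernel option, which applies the same test) actually matches: only a segment with SYN and FIN set at the same time. The following Python is an added example, not code from the thread or from FreeBSD; it builds constructed 20-byte TCP headers, extracts the flag bits, applies that match, and runs it over the flag combinations of nmap 2.x's classic fingerprinting probes (the T1-T7 TCP tests described in Fyodor's 1998 Phrack article, whose flag values I reproduce here from memory). The ipfw `tcpflags` semantics assumed are "every listed flag must be set"; the probe names and port states are labels for the constructed input, not captured traffic.

```python
import struct

# TCP flag bits as laid out in the low byte of the offset/flags word.
TH_FIN, TH_SYN, TH_RST, TH_PSH, TH_ACK, TH_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(sport, dport, flags, seq=0, ack=0):
    """Construct a minimal 20-byte TCP header (no options, zero checksum).

    Constructed for the example; a real segment would carry a valid checksum.
    """
    offset_flags = (5 << 12) | (flags & 0x3F)  # data offset 5 words, 6 flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)


def tcp_flags(header):
    """Return the six TCP flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    (offset_flags,) = struct.unpack_from("!H", header, 12)
    return offset_flags & 0x3F


def tcpflags_match(flags, must_set, must_clear=0):
    """ipfw-style match: all of must_set are set and none of must_clear are set."""
    return (flags & must_set) == must_set and (flags & must_clear) == 0


def dropped_by_synfin_rule(header):
    """True if 'tcpflg fin,syn' (or TCP_DROP_SYNFIN) would discard this segment."""
    return tcpflags_match(tcp_flags(header), TH_SYN | TH_FIN)


# Flag combinations of nmap 2.x's classic TCP fingerprinting probes (T1-T7),
# from Fyodor's 1998 write-up; "open"/"closed" is the target port state.
NMAP_PROBES = {
    "T1 (SYN, open port)": TH_SYN,
    "T2 (NULL, open port)": 0,
    "T3 (SYN|FIN|URG|PSH, open port)": TH_SYN | TH_FIN | TH_URG | TH_PSH,
    "T4 (ACK, open port)": TH_ACK,
    "T5 (SYN, closed port)": TH_SYN,
    "T6 (ACK, closed port)": TH_ACK,
    "T7 (FIN|PSH|URG, closed port)": TH_FIN | TH_PSH | TH_URG,
}


def filter_probes(probes=NMAP_PROBES):
    """Map each probe name to whether the SYN+FIN rule would drop it."""
    return {
        name: dropped_by_synfin_rule(build_tcp_header(40000, 22, flags))
        for name, flags in probes.items()
    }


def probes_reaching_stack(probes=NMAP_PROBES):
    """Names of probes the rule lets through, i.e. still usable for fingerprinting."""
    return [name for name, dropped in filter_probes(probes).items() if not dropped]


if __name__ == "__main__":
    for name, dropped in filter_probes().items():
        print(f"{'DROP' if dropped else 'pass'}  {name}")
```

Only the T3 probe carries SYN and FIN together, so the rule (and the kernel option) removes exactly one of the seven TCP tests; the stack's responses to the remaining six probes are still observable, which is consistent with the report above that nmap kept fingerprinting the protected host.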
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?387C29CE.4904EBBE>