Date: Tue, 29 May 2001 23:43:09 +0200
From: "Liran Dahan" <lirandb@netvision.net.il>
To: <freebsd-security@freebsd.org>
Subject: Syn+Fin (Setup) And TCP RST
Message-ID: <010f01c0e888$5ab3c120$b88f39d5@a>

I added these 2 options to my kernel a long time ago:

options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
options TCP_RESTRICT_RST #restrict emission of TCP RST

Could this be the reason why, even when I add in my firewall to send RST packets, it takes me 30 seconds till I get a timeout of Connection refused when I telnet to my box on randomly closed ports?

And about TCP_DROP_SYNFIN: could this be one of the reasons the 'setup' command isn't working on my ipfw?

If my speculations are true... What are those kernel options used for?

Thanks,
Liran Dahan (lirandb@netvision.net.il)