From owner-freebsd-questions@FreeBSD.ORG  Thu Aug  7 19:54:32 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 95C851065674
	for <freebsd-questions@freebsd.org>;
	Thu,  7 Aug 2008 19:54:32 +0000 (UTC) (envelope-from kalin@el.net)
Received: from mail.el.net (mail.el.net [64.81.218.253])
	by mx1.freebsd.org (Postfix) with ESMTP id 2A86C8FC12
	for <freebsd-questions@freebsd.org>;
	Thu,  7 Aug 2008 19:54:31 +0000 (UTC) (envelope-from kalin@el.net)
Received: (qmail 57444 invoked by uid 1008); 7 Aug 2008 21:00:38 -0000
Received: from unknown (HELO kalins-macbook-pro.local)
	(kalin@el.net@74.1.12.115)
	by mail.el.net with ESMTPA; 7 Aug 2008 21:00:38 -0000
Message-ID: <489B52F6.6020909@el.net>
Date: Thu, 07 Aug 2008 15:54:30 -0400
From: kalin m <kalin@el.net>
User-Agent: Thunderbird 2.0.0.16 (Macintosh/20080707)
MIME-Version: 1.0
To: FreeBSD <freebsd@optiksecurite.com>
References: <489A8EA3.5030102@el.net> <489B3FFD.308@el.net>
	<489B431A.7080209@optiksecurite.com>
In-Reply-To: <489B431A.7080209@optiksecurite.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Remote host replies to SYN+FIN
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Aug 2008 19:54:32 -0000


i have that in....   i still get that message from nessus...   maybe 
synproxy or something like S/SAF?!




FreeBSD wrote:
> kalin m a écrit :
>>
>> does anybody have any idea how to resolve this?
>>
>> thanks..
>>
>>
>> kalin m wrote:
>>> hi all...
>>> after setting up a pf rule set on one of newly installed freebsd 7 i 
>>> did a scan with nessus 3 on that machine
>>>
>>> the result i got was like this one:
>>> http://www.nessus.org/plugins/index.php?view=single&id=11618 how do 
>>> 'fix' it using pf?...
>>>
>>>
>>>
>>> thanks...
>>>
>>>
> Hi,
>
> I think that you should look at the 'scrub' directive in pf.conf. I 
> think that a 'scrub in all' should block that kind of malformed packets.
>
> Martin
>