From owner-freebsd-questions@FreeBSD.ORG Thu Aug 7 19:54:32 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 95C851065674 for ; Thu, 7 Aug 2008 19:54:32 +0000 (UTC) (envelope-from kalin@el.net) Received: from mail.el.net (mail.el.net [64.81.218.253]) by mx1.freebsd.org (Postfix) with ESMTP id 2A86C8FC12 for ; Thu, 7 Aug 2008 19:54:31 +0000 (UTC) (envelope-from kalin@el.net) Received: (qmail 57444 invoked by uid 1008); 7 Aug 2008 21:00:38 -0000 Received: from unknown (HELO kalins-macbook-pro.local) (kalin@el.net@74.1.12.115) by mail.el.net with ESMTPA; 7 Aug 2008 21:00:38 -0000 Message-ID: <489B52F6.6020909@el.net> Date: Thu, 07 Aug 2008 15:54:30 -0400 From: kalin m User-Agent: Thunderbird 2.0.0.16 (Macintosh/20080707) MIME-Version: 1.0 To: FreeBSD References: <489A8EA3.5030102@el.net> <489B3FFD.308@el.net> <489B431A.7080209@optiksecurite.com> In-Reply-To: <489B431A.7080209@optiksecurite.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-questions@freebsd.org Subject: Re: Remote host replies to SYN+FIN X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2008 19:54:32 -0000 i have that in.... i still get that message from nessus... maybe synproxy or something like S/SAF?! FreeBSD wrote: > kalin m a écrit : >> >> does anybody have any idea how to resolve this? >> >> thanks.. >> >> >> kalin m wrote: >>> hi all... >>> after setting up a pf rule set on one of newly installed freebsd 7 i >>> did a scan with nessus 3 on that machine >>> >>> the result i got was like this one: >>> http://www.nessus.org/plugins/index.php?view=single&id=11618 how do >>> 'fix' it using pf?... >>> >>> >>> >>> thanks... >>> >>> > Hi, > > I think that you should look at the 'scrub' directive in pf.conf. I > think that a 'scrub in all' should block that kind of malformed packets. > > Martin >