From owner-freebsd-questions Tue Jan 16 0:30:43 2001 Delivered-To: freebsd-questions@freebsd.org Received: from femail2.rdc1.on.home.com (femail2.rdc1.on.home.com [24.2.9.89]) by hub.freebsd.org (Postfix) with ESMTP id 2119937B6A2 for ; Tue, 16 Jan 2001 00:30:24 -0800 (PST) Received: from wilma ([24.114.163.66]) by femail2.rdc1.on.home.com (InterMail vM.4.01.03.00 201-229-121) with SMTP id <20010116083019.SJPR2929.femail2.rdc1.on.home.com@wilma>; Tue, 16 Jan 2001 00:30:19 -0800 Message-ID: <00bb01c07f96$9cd7bc60$0300a8c0@wilma> From: "Dennis Jun" To: "Pavol Adamec" Cc: References: <004a01c07f90$29bcef80$0300a8c0@wilma> <3A63FFF9.8E64A6AA@tempest.sk> <007901c07f93$9fea33e0$0300a8c0@wilma> <3A6402C6.98E6EDE@tempest.sk> <009101c07f95$ca3501a0$0300a8c0@wilma> Subject: Re: TCP_DROP_SYNFIN doesn't work? Date: Tue, 16 Jan 2001 03:30:41 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Ahh nm, I just remembered, use sysctl. Thanx for your help! ----- Original Message ----- From: "Dennis Jun" To: "Pavol Adamec" Cc: Sent: Tuesday, January 16, 2001 3:21 AM Subject: Re: TCP_DROP_SYNFIN doesn't work? > Damn! I didn't realise I had to enable that in rc.conf. Hah! Now how would > I implement this change without actually rebooting the whole box? or > dropping to single user mode and going back to multi? > > > ----- Original Message ----- > From: "Pavol Adamec" > To: "Dennis Jun" > Cc: > Sent: Tuesday, January 16, 2001 3:13 AM > Subject: Re: TCP_DROP_SYNFIN doesn't work? > > > > You also add > > > > tcp_drop_synfin="YES" > > > > to your /etc/rc.conf because default setting from /etc/defaults/rc.conf > > is > > > > tcp_drop_synfin="NO" # Set to YES to drop TCP packets with > > SYN+FIN > > > > Paul > > > > Dennis Jun wrote: > > > > > > I have also implemented TCP_RESTRICT_RST as well. > > > > > > # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. > This > > > # prevents nmap et al. from identifying the TCP/IP stack,... > > > > > > That is from LINT. Thus the reason for my question. My friend just > > > upgraded his Linux kernel to 2.4.0 with the same option and it works > for > > > him. Thus I'm suspecting I'm doing something wrong but I wanted to > know if > > > others had this problem as well. > > > > > > ----- Original Message ----- > > > From: "Pavol Adamec" > > > To: "Dennis Jun" > > > Cc: ; > > > Sent: Tuesday, January 16, 2001 3:02 AM > > > Subject: Re: TCP_DROP_SYNFIN > > > > > > > I'm not sure what you excatly ment by that but: > > > > > > > > TCP_DROP_SYNFIN forces kernel to drop packets with BOTH SYN and > > > > FIN flags set. nmap -sS is a "half-open scan" - it send packets > > > > with only SYN flag set. > > > > What you likely want is TCP_RESTRICT_RST - not to emit RST for SYN > > > > packets to non-listening ports. > > > > > > > > Paul > > > > > > > > Dennis Jun wrote: > > > > > > > > > > I have compiled this option in my kernel on 3 differents FreeBSD > boxes > > > > > (4.1.1-STABLE, 4.1-RELEASEs) and I have noticed that it doesn't > work > > > all > > > > > the time. Specifically with this scan nmap -v -O -sS . Is it > just me > > > or > > > > > does this not work for other people as well? > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > Dennis Jun wrote: > > > > > > > > > > I have compiled this option in my kernel on 3 differents FreeBSD > boxes > > > > > (4.1.1-STABLE, 4.1-RELEASEs) and I have noticed that it doesn't > work > > > all > > > > > the time. Specifically with this scan nmap -v -O -sS . Is it > just me > > > or > > > > > does this not work for other people as well? > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message