From owner-freebsd-security Tue Jan 16 0: 2:34 2001 Delivered-To: freebsd-security@freebsd.org Received: from fork.computel.sk (fork.computel.sk [195.28.96.96]) by hub.freebsd.org (Postfix) with ESMTP id 689CC37B402; Tue, 16 Jan 2001 00:02:11 -0800 (PST) Received: from tempest.sk (t74.tempest.sk [195.28.100.74]) by fork.computel.sk with ESMTP id JAA20770; Tue, 16 Jan 2001 09:02:02 +0100 Message-ID: <3A63FFF9.8E64A6AA@tempest.sk> Date: Tue, 16 Jan 2001 09:02:01 +0100 From: Pavol Adamec Organization: Tempest X-Mailer: Mozilla 4.72 [en] (X11; I; FreeBSD 4.2-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Dennis Jun Cc: freebsd-questions@freebsd.org, freebsd-security@freebsd.org Subject: Re: TCP_DROP_SYNFIN References: <004a01c07f90$29bcef80$0300a8c0@wilma> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm not sure what you excatly ment by that but: TCP_DROP_SYNFIN forces kernel to drop packets with BOTH SYN and FIN flags set. nmap -sS is a "half-open scan" - it send packets with only SYN flag set. What you likely want is TCP_RESTRICT_RST - not to emit RST for SYN packets to non-listening ports. Paul Dennis Jun wrote: > > I have compiled this option in my kernel on 3 differents FreeBSD boxes > (4.1.1-STABLE, 4.1-RELEASEs) and I have noticed that it doesn't work all > the time. Specifically with this scan nmap -v -O -sS . Is it just me or > does this not work for other people as well? > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message Dennis Jun wrote: > > I have compiled this option in my kernel on 3 differents FreeBSD boxes > (4.1.1-STABLE, 4.1-RELEASEs) and I have noticed that it doesn't work all > the time. Specifically with this scan nmap -v -O -sS . Is it just me or > does this not work for other people as well? > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message