Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 May 2001 15:56:07 -0500
From:      "Thomas T. Veldhouse" <veldy@veldy.net>
To:        "Liran Dahan" <lirandb@netvision.net.il>, <freebsd-security@freebsd.org>
Subject:   Re: Syn+Fin (Setup) And TCP RST
Message-ID:  <007501c0e881$c86a78a0$0101a8c0@cascade>
References:  <010f01c0e888$5ab3c120$b88f39d5@a>

next in thread | previous in thread | raw e-mail | index | archive | help
NO.  I have those options in my kernel and I have no such trouble connecting
via telnet.

Tom Veldhouse
veldy@veldy.net

PS  HTML is a bit inappropriate for a public mailing list.

----- Original Message -----
From: Liran Dahan
To: freebsd-security@freebsd.org
Sent: Tuesday, May 29, 2001 4:43 PM
Subject: Syn+Fin (Setup) And TCP RST


I've added those 2 options in my kernel long time ago:
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         TCP_RESTRICT_RST        #restrict emission of TCP RST


Is this could be the reason why even when i add in my firewall to send RST
packets, it takes me 30 seconds till i get timeout of Connection refused
when i telneting my box on randomly closed ports.. ?

And about TCP_DROP_SYNFIN .. is this could be one of the reasons 'setup'
command 'aint working on my ipfw?

If my speculations are true... Why those kernel options are used for?

Thanks,

          Liran Dahan (lirandb@netvision.net.il)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007501c0e881$c86a78a0$0101a8c0>