Date:      Tue, 29 May 2001 23:43:09 +0200
From:      "Liran Dahan" <lirandb@netvision.net.il>
To:        <freebsd-security@freebsd.org>
Subject:   Syn+Fin (Setup) And TCP RST
Message-ID:  <010f01c0e888$5ab3c120$b88f39d5@a>


[-- Attachment #1 --]
I added these 2 options to my kernel a long time ago:
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         TCP_RESTRICT_RST        #restrict emission of TCP RST          


Could this be the reason why, even when I add a rule in my firewall to send RST packets, it takes me 30 seconds till I get a timeout of Connection refused when I telnet to my box on randomly closed ports?

And about TCP_DROP_SYNFIN: could this be one of the reasons the 'setup' command isn't working on my ipfw?

If my speculations are true, what are those kernel options used for?

Thanks,

          Liran Dahan (lirandb@netvision.net.il)


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010f01c0e888$5ab3c120$b88f39d5>