Date:      Mon, 17 Dec 2001 09:31:03 +0200
From:      Paulius Bulotas <paulius@kaktusas.org>
To:        freebsd-security@freebsd.org
Subject:   options TCP_DROP_SYNFIN
Message-ID:  <20011217073102.GA94480@noname>

Hello,

In LINT there is a comment for the ^ option:
# TCP_DROP_SYNFIN adds support for ignoring TCP packets with 
# SYN+FIN. This prevents nmap et al. from identifying the 
# TCP/IP stack, but breaks support for RFC1644 extensions 
# and is not recommended for web servers.

So, what's wrong if it is included/enabled on a web server? I've
read the RFC quickly, but haven't found anything that would be useful for
web servers (or is that only intended for future use?) and was really
widely used at this time.
Can anyone explain why enabling this option is wrong on a web server?

Regards,
Paulius
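
The check the LINT comment describes, as an added example in C (not FreeBSD kernel code and not part of the original message): a userland classifier that marks any IPv4 TCP segment with both SYN and FIN set, including the single-segment SYN+data+FIN form that RFC 1644 permits. The function names, verdict values and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02

enum verdict { V_PASS, V_DROP_SYNFIN, V_MALFORMED };

/* Hypothetical userland helper: classify one raw IPv4 packet. */
enum verdict classify_synfin(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return V_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;     /* IP header length */
    if (ihl < 20 || len < ihl)
        return V_MALFORMED;
    if (pkt[9] != 6)                              /* not TCP */
        return V_PASS;
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0)   /* later fragment: no TCP header */
        return V_PASS;
    if (len < ihl + 20)                           /* truncated TCP header */
        return V_MALFORMED;
    uint8_t flags = pkt[ihl + 13];
    /* Both bits set, whatever else accompanies them. An RFC 1644
     * segment carrying SYN, data and FIN together matches too. */
    if ((flags & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN))
        return V_DROP_SYNFIN;
    return V_PASS;
}

/* Constructed sample: minimal 40-byte IPv4+TCP packet with given flags. */
enum verdict verdict_for_flags(uint8_t flags)
{
    uint8_t pkt[40] = {0};
    pkt[0] = 0x45;            /* version 4, IHL 5 */
    pkt[3] = 40;              /* total length */
    pkt[9] = 6;               /* protocol = TCP */
    pkt[20 + 12] = 0x50;      /* TCP data offset 5 */
    pkt[20 + 13] = flags;
    return classify_synfin(pkt, sizeof pkt);
}

int main(void)
{
    const uint8_t samples[] = { 0x02, 0x12, 0x11, 0x03, 0x0b };
    for (size_t i = 0; i < sizeof samples; i++)
        printf("flags 0x%02x -> %d\n", samples[i], verdict_for_flags(samples[i]));
    return 0;
}
```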
