Date: Sun, 23 Nov 2008 17:03:15 +0100
From: Eirik Øverby <ltning@anduin.net>
To: freebsd-security@freebsd.org
Subject: Dropping syn+fin replies, but not really?
Message-ID: <FD5EC41D-02D2-46A7-9A32-AF500C98BF25@anduin.net>
Hi all,

I have a FreeBSD based firewall (pfSense) and, behind it, a few dozen FreeBSD servers. Now we're required to run external security scans (nessus++) on some of the hosts, and they constantly come back with a "high" or "medium" severity problem: The host replies to TCP packets with SYN+FIN set.

Problem: Both the firewall (FreeBSD 6.2-based pfSense 1.2) and the host in question (recent FreeBSD 7.2-PRERELEASE) have net.inet.tcp.drop_synfin=1 - I would therefore expect this to be a non-issue. Have I missed something important?

Apart from this the hosts and services get away without any serious issues, but the security audit company insists that this so-called hole be closed.

Anyone?

Thanks,
/Eirik
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FD5EC41D-02D2-46A7-9A32-AF500C98BF25>
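The scanner finding above can be confirmed or refuted from a packet capture taken on the host itself (and, separately, on the outside of the firewall), which tells you whether the SYN+ACK really originates from the FreeBSD server or from something in front of it. The following is an added example, not code from the original post or from FreeBSD/pfSense: it decodes the flag bits of raw TCP headers and pairs each SYN+FIN probe with any reply that acknowledges it. The sample segments are constructed inline; port 22 and the sequence numbers are assumptions chosen for illustration.

```python
"""Decode TCP flag bits from raw segment bytes and check whether a host
answered a SYN+FIN probe, as a way to verify a scanner's finding.
Added example; the captures below are constructed, not real traffic."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG"}


@dataclass(frozen=True)
class TcpSegment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: int


def parse_tcp_header(raw: bytes) -> TcpSegment:
    """Parse the fixed 20-byte TCP header (RFC 793 layout); options are ignored."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20:
        raise ValueError("bad data offset")
    # Keep the six classic flag bits; the ECN bits (CWR/ECE) are masked off.
    return TcpSegment(src, dst, seq, ack, off_flags & 0x3F)


def flag_names(flags: int) -> str:
    """Human-readable flag list, e.g. 'SYN+ACK'."""
    return "+".join(name for bit, name in FLAG_NAMES.items() if flags & bit) or "none"


def is_synfin(seg: TcpSegment) -> bool:
    """SYN and FIN together never occur in a legitimate TCP exchange."""
    return seg.flags & (SYN | FIN) == (SYN | FIN)


def synfin_replies(segments: List[TcpSegment]) -> List[Tuple[TcpSegment, TcpSegment]]:
    """Pair each SYN+FIN probe with a reply from the probed port whose ACK
    number acknowledges the probe (seq + 1). A host where drop_synfin is
    actually in effect produces no such pairs."""
    pairs = []
    for probe in segments:
        if not is_synfin(probe):
            continue
        for reply in segments:
            if (reply.src_port == probe.dst_port
                    and reply.dst_port == probe.src_port
                    and reply.ack == (probe.seq + 1) & 0xFFFFFFFF
                    and reply.flags & ACK):
                pairs.append((probe, reply))
    return pairs


def build_segment(src: int, dst: int, seq: int, ack: int, flags: int) -> bytes:
    """Constructed test data: minimal 20-byte header, window 65535, zero checksum."""
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, (5 << 12) | flags, 65535, 0, 0)


# Constructed capture 1: the behaviour the scanner complains about.
PROBE = build_segment(40000, 22, 1000, 0, SYN | FIN)
SYNACK = build_segment(22, 40000, 5000, 1001, SYN | ACK)
ANSWERED = [parse_tcp_header(PROBE), parse_tcp_header(SYNACK)]
# Constructed capture 2: the probe is dropped and nothing comes back.
DROPPED = [parse_tcp_header(PROBE)]


def report(segments: List[TcpSegment]) -> str:
    """One-line verdict for a capture."""
    pairs = synfin_replies(segments)
    if not pairs:
        return "no reply to SYN+FIN probes (drop_synfin effective)"
    return "; ".join(
        f"port {p.dst_port} answered SYN+FIN with {flag_names(r.flags)}" for p, r in pairs
    )


if __name__ == "__main__":
    print(report(ANSWERED))
    print(report(DROPPED))
```

To use this on real data, feed it the TCP header bytes from a capture taken on the server (and another taken in front of the firewall); if only the outside capture shows a SYN+ACK, the reply is being generated before the packet reaches the host with drop_synfin set.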