Date: Thu, 22 Feb 2001 08:51:33 -0800 (PST) From: Tom <tom@uniserve.com> To: Alexandr Kovalenko <neve_ripe@yahoo.com> Cc: freebsd-stable@freebsd.org Subject: Re: ipfw drop syn+fin Message-ID: <Pine.BSF.4.05.10102220849460.28368-100000@shell.uniserve.ca> In-Reply-To: <4346812337.20010222115242@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 22 Feb 2001, Alexandr Kovalenko wrote: > # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This > # prevents nmap et al. from identifying the TCP/IP stack, but breaks support > # for RFC1644 extensions and is not recommended for web servers. > > I'm wondering _why_ it is not recommended for web servers? Because RFC1644 extensions are valuable for web servers, and client clients use them when making web requests. So guess what happens when your server drops requests using RFC1644 extensions? Tom Uniserve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10102220849460.28368-100000>