packets with syn/fin vs pf_norm.c

fooler fooler at skyinet.net
Wed Jul 6 06:11:29 GMT 2005


----- Original Message ----- 
From: "Dag-Erling Smørgrav" <des at des.no>
To: "Jesper Wallin" <jesper at hackunite.net>
Cc: <freebsd-security at freebsd.org>; "Darren Reed"
<avalon at caligula.anu.edu.au>
Sent: Wednesday, July 06, 2005 1:39 PM
Subject: Re: packets with syn/fin vs pf_norm.c


> The TCP_DROP_SYNFIN option should be removed; it has long outlived its
> original purpose (which was to prevent nmap identification of IRC
> servers which didn't run ipfw for performance reasons, back in the 3.0
> days)

I vote not to remove it, because it is just an option that is there whether you want it or
not, for added protection against OS fingerprinting...

Standard TCP is far more widely used than T/TCP, and most (or all) TCP
modules do not combine the SYN and FIN flags in a TCP datagram for a normal TCP
transaction...

fooler.
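As an added illustration of what the option under discussion amounts to (constructed for this thread; it is not code from pf_norm.c, from the FreeBSD TCP stack, or from any poster), the C below pulls the flag byte out of a raw TCP header and drops the segment when SYN and FIN are both set, which is the combination an ordinary stack never emits and only a T/TCP (RFC 1644) peer would. The function names (tcp_segment_flags, normalize_tcp, check_flags, build_tcp_header), the enum, and the header bytes are assumptions made for the example; the real kernel and pf code paths are not reproduced here.

```c
/* Added example for the TCP_DROP_SYNFIN discussion. Constructed code, not
 * pf_norm.c or the FreeBSD stack; header layout follows RFC 793. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flag bits in byte 13 of the TCP header (RFC 793). */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

enum verdict { VERDICT_PASS = 0, VERDICT_DROP = 1, VERDICT_BAD_HEADER = 2 };

/* Extract the flag byte from a raw TCP segment. Returns -1 if the buffer is
 * shorter than a minimal header or the data offset is inconsistent with it. */
int tcp_segment_flags(const uint8_t *seg, size_t len)
{
    if (len < 20)
        return -1;
    size_t doff = (size_t)(seg[12] >> 4) * 4;   /* header length in bytes */
    if (doff < 20 || doff > len)
        return -1;
    return seg[13];
}

/* Normalisation policy (assumed shape). drop_synfin mirrors the kernel
 * option under discussion: when set, a segment carrying both SYN and FIN is
 * dropped before the stack can answer it; when clear, it is passed through
 * and the host's reply to the odd combination becomes a fingerprinting hint. */
enum verdict normalize_tcp(const uint8_t *seg, size_t len, int drop_synfin)
{
    int flags = tcp_segment_flags(seg, len);
    if (flags < 0)
        return VERDICT_BAD_HEADER;
    if (drop_synfin && (flags & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN))
        return VERDICT_DROP;
    return VERDICT_PASS;
}

/* Build a minimal 20-byte TCP header with the given flags. Constructed test
 * input: ports, sequence numbers and checksum are placeholders. */
void build_tcp_header(uint8_t out[20], uint8_t flags)
{
    memset(out, 0, 20);
    out[0] = 0x04; out[1] = 0xd2;   /* source port 1234 */
    out[2] = 0x00; out[3] = 0x50;   /* destination port 80 */
    out[12] = 5 << 4;               /* data offset 5 words = 20 bytes, no options */
    out[13] = flags;
    out[14] = 0xff; out[15] = 0xff; /* window */
}

/* Convenience: build a header with these flags and run it through the policy. */
int check_flags(uint8_t flags, int drop_synfin)
{
    uint8_t seg[20];
    build_tcp_header(seg, flags);
    return normalize_tcp(seg, sizeof seg, drop_synfin);
}

int main(void)
{
    const struct { const char *name; uint8_t flags; } probes[] = {
        { "plain SYN", TH_SYN },
        { "SYN+FIN",   TH_SYN | TH_FIN },
        { "FIN+ACK",   TH_FIN | TH_ACK },
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-10s drop_synfin=0 -> %s, drop_synfin=1 -> %s\n", probes[i].name,
               check_flags(probes[i].flags, 0) == VERDICT_DROP ? "drop" : "pass",
               check_flags(probes[i].flags, 1) == VERDICT_DROP ? "drop" : "pass");
    return 0;
}
```

Only the SYN+FIN case changes verdict with the toggle; a plain SYN and a FIN+ACK pass either way, which is the point made above that the option costs normal TCP traffic nothing.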


