Dropping syn+fin replies, but not really?
Eirik Øverby
ltning at anduin.net
Sun Nov 23 08:41:44 PST 2008
Hi all,
I have a FreeBSD based firewall (pfsense) and, behind it, a few dozen
FreeBSD servers. Now we're required to run external security scans
(nessus++) on some of the hosts, and they constantly come back with a
"high" or "medium" severity problem: The host replies to TCP packets
with SYN+FIN set.
Problem: Both the firewall (FreeBSD 6.2-based pfSense 1.2) and the
host in question (recent FreeBSD 7.2-PRERELEASE) have
net.inet.tcp.drop_synfin=1 - I would therefore expect this to be a non-
issue.
Have I missed something important? Apart from this, the hosts and
services get away without any serious issues, but the security audit
company insists that this so-called hole be closed.
Anyone?
Thanks,
/Eirik
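One way to check whether the host really does answer SYN+FIN probes, as an added example that is not part of the original thread: a small Python script that reads tcpdump-style text lines and reports, per probed port, whether the host replied with SYN/ACK (the behaviour the scanner flags), with RST, or not at all. The capture below is constructed for illustration (the 203.0.113.x scanner and 192.0.2.x host addresses are made up), and the sysctl helper assumes the usual `name: value` output of sysctl(8); neither is taken from the poster's systems.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed tcpdump-style lines (not a real capture): a scanner at 203.0.113.5
# sends SYN+FIN probes to a host at 192.0.2.10 and gets three kinds of response.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 203.0.113.5.40000 > 192.0.2.10.80: Flags [SF], seq 1, win 1024, length 0
12:00:01.000250 IP 192.0.2.10.80 > 203.0.113.5.40000: Flags [S.], seq 100, ack 2, win 65535, length 0
12:00:02.000001 IP 203.0.113.5.40001 > 192.0.2.10.22: Flags [SF], seq 1, win 1024, length 0
12:00:03.000001 IP 203.0.113.5.40002 > 192.0.2.10.443: Flags [S], seq 1, win 1024, length 0
12:00:03.000300 IP 192.0.2.10.443 > 203.0.113.5.40002: Flags [S.], seq 200, ack 2, win 65535, length 0
12:00:04.000001 IP 203.0.113.5.40003 > 192.0.2.10.25: Flags [SF], seq 1, win 1024, length 0
12:00:04.000200 IP 192.0.2.10.25 > 203.0.113.5.40003: Flags [R.], seq 0, ack 2, win 0, length 0
"""

# Matches the "IP a.b.c.d.port > e.f.g.h.port: Flags [..]" prefix tcpdump prints for TCP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


@dataclass(frozen=True)
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # tcpdump notation: S=SYN, F=FIN, R=RST, P=PSH, '.'=ACK


def parse_line(line: str) -> Optional[Packet]:
    """Parse one tcpdump text line; return None for lines that are not TCP."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Packet(m["ts"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"])


def is_synfin(p: Packet) -> bool:
    return "S" in p.flags and "F" in p.flags


def synfin_audit(capture: str) -> Dict[int, str]:
    """Map each destination port that received a SYN+FIN probe to the host's
    response: 'syn-ack' (the probe was accepted), 'rst', or 'silent' (dropped)."""
    packets = [p for p in map(parse_line, capture.splitlines()) if p]
    results: Dict[int, str] = {}
    for i, probe in enumerate(packets):
        if not is_synfin(probe):
            continue
        verdict = "silent"
        for reply in packets[i + 1:]:
            # A reply travels the reverse four-tuple of the probe.
            if (reply.src, reply.sport, reply.dst, reply.dport) != (
                probe.dst, probe.dport, probe.src, probe.sport
            ):
                continue
            if "R" in reply.flags:
                verdict = "rst"
            elif "S" in reply.flags and "." in reply.flags:
                verdict = "syn-ack"
            break
        results[probe.dport] = verdict
    return results


def drop_synfin_setting(sysctl_output: str) -> Optional[int]:
    """Extract net.inet.tcp.drop_synfin from 'sysctl -a'-style 'name: value' text.
    Run this on both the firewall and the host; a SYN/ACK in the capture above
    means the setting is not taking effect somewhere on the path."""
    m = re.search(r"^net\.inet\.tcp\.drop_synfin:\s*(\d+)\s*$", sysctl_output, re.M)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    for port, verdict in sorted(synfin_audit(SAMPLE_CAPTURE).items()):
        print(f"port {port}: {verdict}")
```

Feed it real data with `tcpdump -nn -l 'tcp[tcpflags] & (tcp-syn|tcp-fin) == (tcp-syn|tcp-fin) or tcp[tcpflags] & tcp-syn != 0'` piped in on the host and, separately, on the firewall's inside interface: if the probe shows up on the inside interface at all, the firewall's drop_synfin is not dropping it, and if the host answers with SYN/ACK, neither is the host's.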