Re: DROP Fin Scan

On Thu 12/12/2002 at 16:25, Blizzards wrote:
> (only packet with the SYN bit set and ACK,RST,FIN cleared can initiate a new 
> connection)

A SYN-FIN can initiate a connection according to the RFC. That's why --syn
is equal to SYN,ACK,RST SYN and not to SYN,ACK,RST,FIN SYN.

> iptables -A INPUT -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP

One can do this. It is clear that those packets should not exist. But the
FIN bit is ignored, so...

-- 
Cédric Blancher  <blancher@cartel-securite.fr>
IT systems and networks security expert  - Cartel Sécurité
Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE  FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
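The point of the exchange above is the semantics of the iptables `--tcp-flags mask comp` match: only the bits named in the mask are examined, and they must equal comp exactly. Because `--syn` is shorthand for `--tcp-flags SYN,RST,ACK SYN`, FIN is outside its mask and a SYN+FIN packet still matches, while the explicit `--tcp-flags FIN,SYN FIN,SYN -j DROP` rule catches it. The following Python model of that match logic is an added example for this archive page, not code from the thread or from netfilter; the packets it evaluates are constructed flag combinations.

```python
# Added example (not from the original thread or from netfilter): a model of
# the iptables --tcp-flags "mask comp" match, used to show why --syn accepts a
# SYN+FIN packet while an explicit FIN,SYN rule rejects it.

# TCP flag bits as laid out in the TCP header's flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_BITS = {"FIN": FIN, "SYN": SYN, "RST": RST,
             "PSH": PSH, "ACK": ACK, "URG": URG}


def flags(spec: str) -> int:
    """Parse an iptables-style flag list ('SYN,ACK,RST', 'ALL', 'NONE') into a bitmask."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return sum(FLAG_BITS.values())
    if spec == "NONE":
        return 0
    return sum(FLAG_BITS[name] for name in spec.split(","))


def tcp_flags_match(packet_flags: int, mask: str, comp: str) -> bool:
    """--tcp-flags mask comp: look only at the bits in mask; they must equal comp exactly."""
    return (packet_flags & flags(mask)) == flags(comp)


def is_syn(packet_flags: int) -> bool:
    """--syn is shorthand for --tcp-flags SYN,RST,ACK SYN; FIN is not in the mask."""
    return tcp_flags_match(packet_flags, "SYN,RST,ACK", "SYN")


def drops_syn_fin(packet_flags: int) -> bool:
    """The rule quoted in the thread: --tcp-flags FIN,SYN FIN,SYN -j DROP."""
    return tcp_flags_match(packet_flags, "FIN,SYN", "FIN,SYN")


def describe(packet_flags: int) -> str:
    """Render a flag bitmask as a comma-separated list, e.g. 'SYN,FIN'."""
    names = [n for n, bit in FLAG_BITS.items() if packet_flags & bit]
    return ",".join(names) or "NONE"


# Constructed sample packets (flag combinations only; no real traffic involved).
SAMPLE_PACKETS = [SYN, SYN | FIN, SYN | ACK, FIN | ACK, SYN | FIN | ACK, RST]


def evaluate(packets=SAMPLE_PACKETS):
    """Return (flags, matches --syn, dropped by the FIN,SYN rule) for each packet."""
    return [(describe(p), is_syn(p), drops_syn_fin(p)) for p in packets]


if __name__ == "__main__":
    for name, syn_match, dropped in evaluate():
        print(f"{name:12} --syn match: {syn_match!s:5}  FIN,SYN DROP: {dropped}")
```

Running the block prints one line per sample packet; the SYN+FIN row is the one the thread is about: it matches `--syn` (so a rule written only with `--syn` treats it as a connection attempt) and is dropped by the explicit `FIN,SYN FIN,SYN` rule. Placing that DROP rule before any `--syn`-based ACCEPT is what makes the FIN bit matter.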