My firewall has a default policy of drop (in, out & fwd).
Some protocols are open for communication, such as tcp/80, ftp/21 from the internet.
Then I use stateful inspection, accepting established,related.

However, the Nessus scanner is reporting this:

-----
The remote host does not discard TCP SYN packets which have the FIN flag set.
Depending on the kind of firewall you are using, an attacker may use this flaw to bypass its rules.

See also :
http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113

Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
Nessus ID : 11618
----

Should I be worried? The remote host is a Windows 2000 server.

Should I drop syn?

    iptables -A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

regards
Klintan
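
How the `--tcp-flags SYN,FIN SYN,FIN` match in the rule quoted above evaluates, as an added example that is not part of the original post. The helper names and the sample TCP headers are constructed for illustration; the match semantics (the first list is the mask of flags examined, the second the flags that must be set among them) are those of the iptables tcp match.

```python
import struct

# TCP flag bits as they appear in byte 13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def flag_bits(names):
    """Turn an iptables-style list such as 'SYN,FIN' into a bit mask."""
    if names == "ALL":
        return 0x3F
    if names == "NONE":
        return 0
    bits = 0
    for name in names.split(","):
        bits |= FLAGS[name.strip().upper()]
    return bits

def tcp_flags_of(header):
    """Return the flag bits of a raw TCP header (at least 20 bytes)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F

def rule_matches(header, mask, comp):
    """'--tcp-flags mask comp': look only at the flags in mask and
    match when exactly the flags in comp are set among them."""
    return (tcp_flags_of(header) & flag_bits(mask)) == flag_bits(comp)

def build_header(flags, sport=40000, dport=80):
    """Constructed sample TCP header (no options, checksum left at zero)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4,
                       flag_bits(flags), 8192, 0, 0)

# Constructed sample packets, not captured traffic.
SAMPLES = {name: build_header(name) for name in
           ("SYN", "SYN,FIN", "SYN,ACK", "FIN,ACK", "SYN,FIN,PSH")}

def dropped_by_rule(mask="SYN,FIN", comp="SYN,FIN"):
    """Names of the sample packets a DROP rule with this match would drop."""
    return sorted(n for n, h in SAMPLES.items() if rule_matches(h, mask, comp))

if __name__ == "__main__":
    # Mask SYN,FIN ignores other bits, so SYN+FIN+PSH is dropped as well.
    print(dropped_by_rule())
```

A plain SYN, a SYN/ACK and a FIN/ACK do not match the rule, so normal connection setup and teardown are unaffected by it.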