> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> Cedric Blancher
> Sent: Wednesday, August 06, 2003 2:28 PM
> To: Michael K
> Cc: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: discard TCP SYN
>
>
> On Wed 06/08/2003 at 13:32, Michael K wrote:
> > Then I use stateful inspection, accepting established,related. However,
> > the nessus scanner is reporting this:
> > -----
> > The remote host does not discard TCP SYN packets which
> > have the FIN flag set.
>
> SYN/FIN packets are valid according to RFC793. The RFC specifies
> that if RST and ACK are not set, and SYN is set, the packet must
> be treated as opening a connection without examining other flags.
>
> > Depending on the kind of firewall you are using, an
> > attacker may use this flaw to bypass its rules.
>
> Some people say that some firewalls may accept this kind of
> packet through closed ports. That is not Netfilter's behaviour.
>
> > Should I be worried?
>
> Not with Netfilter.
>

Again, hurray for iptables :-)
And thank you!

/Klintan
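
An added illustration, not part of the original thread and not Netfilter's code: the SYN rule quoted above next to a weaker "bare SYN only" check, run through a hypothetical stateless filter. The `verdict` model, the port numbers and the packet headers are constructed assumptions for the demo.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP flag bits, RFC 793

def tcp_flags(header: bytes) -> int:
    """Flag bits from a raw TCP header (byte 13)."""
    if len(header) < 14:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F

def dest_port(header: bytes) -> int:
    """Destination port from bytes 2-3 of the TCP header."""
    return struct.unpack("!H", header[2:4])[0]

def naive_is_new(flags: int) -> bool:
    """Weak check: only a bare SYN counts as a connection attempt."""
    return flags == SYN

def rfc_is_new(flags: int) -> bool:
    """Rule quoted in the thread: SYN set, RST and ACK clear, other flags ignored."""
    return bool(flags & SYN) and not flags & (RST | ACK)

def verdict(header: bytes, open_ports: set, is_new) -> str:
    """Hypothetical stateless filter (assumption): drop connection attempts to
    closed ports, pass everything else as part of an existing connection."""
    if is_new(tcp_flags(header)) and dest_port(header) not in open_ports:
        return "DROP"
    return "ACCEPT"

def build_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header for the demo (checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

if __name__ == "__main__":
    open_ports = {22}  # constructed policy: only port 22 is open
    for name, flags in [("SYN", SYN), ("SYN/FIN", SYN | FIN), ("ACK", ACK)]:
        pkt = build_header(40000, 23, flags)  # aimed at closed port 23
        print(name,
              "naive:", verdict(pkt, open_ports, naive_is_new),
              "rfc:", verdict(pkt, open_ports, rfc_is_new))
```

With the bare-SYN check the SYN/FIN segment to the closed port is accepted, which is the rule bypass the scanner text warns about; classifying it by the quoted rule drops it like any other connection attempt.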