On Friday 02 July 2004 1:27 pm, Steve Comfort wrote:

> Hi All,
>
> I'm running Nessus to check my firewall rules, and it's telling me :
>
> "remote host does not drop TCP SYN packets with the FIN flag set .... "
>
> I've tried adding the following rule :
>
> $ipt -A INPUT -i $iface -d $network -p tcp --tcp-flags SYN,FIN SYN, FIN
> -j DROP

What does the variable $network correspond to in the above rule? Does the
address you are sending the SYN-FIN packets to fall within this range?

If you do a "iptables -L INPUT -nvx" do the packet & byte counters show any
packets matching the above rule?

Regards,

Antony.

-- 
Success is a lousy teacher. It seduces smart people into thinking they can't
lose.

 - William H Gates III

Please reply to the list; please don't CC me.
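The counter check suggested above, as an added example that is not part of the original message: a small shell filter that reads `iptables -L INPUT -nvx` output and reports, for each DROP rule matching SYN+FIN, its destination and whether it has ever matched. The sample listing, the `192.168.1.0/24` value standing in for `$network`, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -nvx` output (not from the post).
# In numeric mode the SYN,FIN match is shown as flags:0x03/0x03
# (mask 0x03, compare 0x03; FIN = 0x01, SYN = 0x02).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 1520 packets, 98304 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       tcp  --  eth0   *       0.0.0.0/0            192.168.1.0/24       tcp flags:0x03/0x03
     412    31280 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
EOF
}

# Reads a listing on stdin. For every DROP rule that matches SYN+FIN, prints:
#   <destination> <pkts> <bytes> <hit|never-matched>
# Columns: 1=pkts 2=bytes 3=target 4=prot 5=opt 6=in 7=out 8=source 9=destination
synfin_counters() {
    awk '$3 == "DROP" && /flags:0x03\/0x03/ {
        state = ($1 > 0) ? "hit" : "never-matched"
        print $9, $1, $2, state
    }'
}

# Run against the constructed sample. On a live host (as root) use:
#   iptables -L INPUT -nvx | synfin_counters
sample_listing | synfin_counters
```

A `never-matched` result after a scan means the probe packets did not satisfy the rule's other criteria, such as the `-d` destination range or the `-i` interface, or were handled before reaching this rule.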