Lopsch

Thanks for your email.

I know a little about TCP flags. IIRC, ACK means 'Acknowledgement' and FIN means 'Finish Connection'.

Why would TCP want everyone to turn on ACK when they want to finish a connection with FIN?

I assume that TCP was written to do 2 errands in one TCP datagram?...

1. acknowledge last datagram received
2. terminate connection

It seems odd to me that you can't terminate a connection (FIN) without also acknowledging something.

Chris

On Wed, Jan 26, 2005 at 01:37:57AM +0100, Lopsch wrote:
> seberino@xxxxxxxxxxxxxxx wrote:
> >Please explain these:
> >
> >$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
> >$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
> >$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
> >$IPTABLES -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
> >
> >Do the first 3 imply you must send ACK when you send a FIN, PSH or URG?
> >
> >And does the last mean you must always set *some* TCP flag?
> >
> >CS
> >
> >
> Exactly. The first 3 rules are used for dropping packets which have
> FIN, PSH or URG set but without a set ACK flag. The last one prevents empty
> packets (no flag set) from entering your network.
> As such packets are often used by port scans, it is useful to drop them.
> Jason posted a link some time ago with a list of rules to perform TCP
> checks: http://www.stearns.org/modwall/sample/tcpchk-sample
>
> --
>
> PGP-ID 0xF8EAF138

--
_______________________________________
Christian Seberino, Ph.D.
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385
U.S.A.
Phone: (619) 553-9973
Fax  : (619) 553-6521
Email: seberino@xxxxxxxxxxxxxxx
_______________________________________
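The matching logic behind those four rules, as an added example that is not part of the thread: iptables `--tcp-flags mask comp` looks only at the flags named in `mask` and matches when exactly the flags in `comp` (and no other flag in the mask) are set. The Python below, written for this page, reads the flag byte from constructed 20-byte TCP headers and applies the four DROP rules, so you can see that a bare FIN is dropped while a FIN+ACK passes.

```python
import struct

# TCP flag bits as they appear in byte 13 of the TCP header (RFC 793).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_FLAGS = sum(TCP_FLAGS.values())

# The four rules from the thread as (mask, comp) flag lists; all are DROP rules.
RULES = [("ACK,FIN", "FIN"), ("ACK,PSH", "PSH"),
         ("ACK,URG", "URG"), ("ALL", "NONE")]


def parse_flag_spec(spec):
    """Turn an iptables flag list ('ACK,FIN', 'ALL', 'NONE') into a bitmask."""
    if spec == "ALL":
        return ALL_FLAGS
    if spec == "NONE":
        return 0
    return sum(TCP_FLAGS[name] for name in spec.split(","))


def tcp_flags_match(flags, mask, comp):
    """--tcp-flags semantics: examine only the bits in `mask`, match when
    exactly the bits in `comp` are set among them."""
    return (flags & mask) == comp


def flags_from_tcp_header(header):
    """Extract the six classic flag bits from a raw TCP header (byte 13)."""
    return header[13] & ALL_FLAGS


def verdict(flags):
    """Return 'DROP' if any of the four rules matches, else 'ACCEPT'."""
    for mask_spec, comp_spec in RULES:
        if tcp_flags_match(flags, parse_flag_spec(mask_spec),
                           parse_flag_spec(comp_spec)):
            return "DROP"
    return "ACCEPT"


def make_tcp_header(flags):
    """Constructed sample input: a minimal 20-byte TCP header with `flags` set
    (ports 12345->80, zero seq/ack, data offset 5, window 65535)."""
    return struct.pack("!HHIIBBHHH", 12345, 80, 0, 0, 5 << 4, flags, 65535, 0, 0)


if __name__ == "__main__":
    for name, bits in [("FIN", 0x01), ("FIN+ACK", 0x11), ("SYN", 0x02),
                       ("PSH", 0x08), ("NONE", 0x00)]:
        print(f"{name:8s} -> {verdict(flags_from_tcp_header(make_tcp_header(bits)))}")
```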