Re: IDS better than hardcore iptables rules?


 



On Sun, 06 Feb 2005 at 07:29, seberino@xxxxxxxxxxxxxxx wrote:
> Hudson & Ron
> 
> I'm not sure there even exists documentation to explain
> some of the DROP rules I see in firewall scripts.
> 
> Have you seen guys like these?...
> 
>  -p tcp --tcp-flags ACK,FIN FIN -j DROP
>  -p tcp --tcp-flags ACK,PSH PSH -j DROP
>  -p tcp --tcp-flags ACK,URG URG -j DROP
> 
> What TCP/IP book tells you that FIN, PSH and URG packets
> usually have ACK set?  **These** are the rules I don't
> know how to understand.
> 
> Chris

They *don't* have the ACK set; that's because they are
dropped, because it's abnormal traffic, probably portscans.

Regards.

-- 
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
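
Added example, not part of the original message: a small Python model of how iptables evaluates `--tcp-flags mask comp` (the first list names the flags to examine, the second the flags that must be set among them), applied to the three rules quoted above. The sample flag combinations are constructed, not captured traffic.

```python
# TCP flag bits as they appear in the TCP header flags byte.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
         "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def to_bits(names):
    """Turn a comma-separated flag list such as 'ACK,FIN' into a bitmask."""
    bits = 0
    for name in names.split(","):
        if name and name != "NONE":
            bits |= FLAGS[name]
    return bits


def tcp_flags_match(mask, comp, packet_flags):
    """Model of '--tcp-flags mask comp': look only at the flags in mask and
    match when exactly the flags in comp are set among them."""
    return (to_bits(packet_flags) & to_bits(mask)) == to_bits(comp)


# The three DROP rules quoted in the message, as (mask, comp) pairs.
RULES = [("ACK,FIN", "FIN"), ("ACK,PSH", "PSH"), ("ACK,URG", "URG")]


def verdict(packet_flags):
    """Return the first quoted rule that would drop the packet, or None."""
    for mask, comp in RULES:
        if tcp_flags_match(mask, comp, packet_flags):
            return f"DROP by --tcp-flags {mask} {comp}"
    return None


# Constructed sample packets (flag combinations only).
SAMPLES = {
    "normal close": "FIN,ACK",
    "normal data push": "PSH,ACK",
    "handshake SYN": "SYN",
    "bare FIN": "FIN",
    "FIN+PSH+URG, no ACK": "FIN,PSH,URG",
    "URG, no ACK": "URG",
}

if __name__ == "__main__":
    for label, flags in SAMPLES.items():
        result = verdict(flags) or "not matched by these rules"
        print(f"{label:22} [{flags:11}] -> {result}")
```

Flags outside the mask are ignored, so a packet carrying FIN with ACK passes these rules while FIN, PSH or URG without ACK is dropped.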



