Re: IDS better than hardcore iptables rules?

On 6 Feb 2005, Jose Maria Lopez wrote:

> On Sun, 06 Feb 2005 at 07:29, seberino@xxxxxxxxxxxxxxx wrote:
> > Hudson & Ron
> > 
> > I'm not sure there even exists documentation to explain
> > some of the DROP rules I see in firewall scripts.
> > 
> > Have you seen guys like these?...
> > 
> >  -p tcp --tcp-flags ACK,FIN FIN -j DROP
> >  -p tcp --tcp-flags ACK,PSH PSH -j DROP
> >  -p tcp --tcp-flags ACK,URG URG -j DROP
> > 
> > What TCP/IP book tells you that FIN, PSH and URG packets
> > usually have ACK set?  **These** are the rules I don't
> > know how to understand.
> > 
> > Chris
> 
> They *don't* have the ACK set, that's because they are
> dropped, because it's abnormal traffic, probably portscans.
> 

Can't these kinds of packets get handled by an INVALID match, with one
rule per appropriate chain?


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

...Love is the ultimate outlaw.  It just won't adhere to rules.
The most any of us can do is sign on as its accomplice.  Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question.  The words
"make" and "stay" become inappropriate.  My love for you has no
strings attached.  I love you for free...
                        -Tom Robins <Still Life With Woodpecker>
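[Added example, not part of the thread above.]  What the quoted rules test
is easier to see once you know that iptables ANDs the packet's TCP flags
with the first list (the mask) and matches only if the result equals the
second list.  So "--tcp-flags ACK,FIN FIN" means "FIN set and ACK clear".
The reason a bare FIN, PSH or URG is suspicious is RFC 793 itself: once a
connection is established, every segment carries ACK, so a FIN-only,
PSH-only or URG-only segment never comes from a real stack and is the
signature of a crafted scan.  The script below is mine, not the poster's;
it reimplements the mask/compare test in plain POSIX sh on constructed flag
sets, prints (does not execute) the equivalent rules, and assumes the INPUT
chain and the TCP header bit values for the flag names.  The "-m state
--state INVALID" line is the one-rule alternative asked about in the reply,
with the newer "-m conntrack --ctstate INVALID" spelling noted; it only
does anything if connection tracking is loaded.

```shell
#!/bin/sh
# Added example (not from the thread): evaluate iptables "--tcp-flags MASK COMP"
# semantics offline.  iptables ANDs the packet's TCP flags with MASK and the
# rule matches only if the result equals COMP, so "--tcp-flags ACK,FIN FIN"
# means "FIN set AND ACK clear": a bare FIN, not the normal FIN/ACK.

flag_bits() {
    # Convert a comma-separated iptables flag list ("ACK,FIN") to a bitmask.
    # Bit values follow the TCP header (FIN=1 SYN=2 RST=4 PSH=8 ACK=16 URG=32).
    bits=0
    for f in $(printf '%s\n' "$1" | tr ',' ' '); do
        case "$f" in
            FIN)  bits=$((bits | 1)) ;;
            SYN)  bits=$((bits | 2)) ;;
            RST)  bits=$((bits | 4)) ;;
            PSH)  bits=$((bits | 8)) ;;
            ACK)  bits=$((bits | 16)) ;;
            URG)  bits=$((bits | 32)) ;;
            ALL)  bits=63 ;;
            NONE) ;;
            *) echo "unknown flag: $f" >&2; return 2 ;;
        esac
    done
    echo "$bits"
}

tcp_flags_match() {
    # Usage: tcp_flags_match PACKET_FLAGS MASK COMP
    # Exit 0 when "-p tcp --tcp-flags MASK COMP" would match a packet whose
    # header carries PACKET_FLAGS, 1 when it would not, 2 on a bad flag name.
    pkt=$(flag_bits "$1") || return 2
    mask=$(flag_bits "$2") || return 2
    comp=$(flag_bits "$3") || return 2
    [ $((pkt & mask)) -eq "$comp" ]
}

# The three DROP rules quoted in the thread, as MASK:COMP pairs.
FLAG_RULES="ACK,FIN:FIN ACK,PSH:PSH ACK,URG:URG"

dropped_by_flag_rules() {
    # Usage: dropped_by_flag_rules PACKET_FLAGS
    # Exit 0 if any of the three rules would DROP a packet with these flags.
    for r in $FLAG_RULES; do
        if tcp_flags_match "$1" "${r%%:*}" "${r##*:}"; then
            return 0
        fi
    done
    return 1
}

print_ruleset() {
    # Print (do not run) the iptables commands.  INPUT chain is an assumption.
    # The state/conntrack line is the one-rule alternative from the reply and
    # only has an effect when connection tracking is loaded.
    for r in $FLAG_RULES; do
        echo "iptables -A INPUT -p tcp --tcp-flags ${r%%:*} ${r##*:} -j DROP"
    done
    echo "# one-rule alternative (newer syntax: -m conntrack --ctstate INVALID):"
    echo "iptables -A INPUT -m state --state INVALID -j DROP"
}

# Constructed sample packets (flag sets only), run through the flag rules.
for p in FIN FIN,ACK PSH PSH,ACK URG URG,ACK SYN SYN,ACK ACK FIN,PSH,URG; do
    if dropped_by_flag_rules "$p"; then
        echo "$p: DROP (flag rule)"
    else
        echo "$p: pass"
    fi
done
print_ruleset
```

Running it shows FIN, PSH, URG and the Xmas-style FIN,PSH,URG set dropped,
while FIN,ACK, PSH,ACK, URG,ACK, SYN, SYN,ACK and bare ACK pass the three
rules.  The same mask/compare logic is why "--syn" is documented as
"--tcp-flags SYN,RST,ACK SYN": the mask includes RST and ACK so that only a
pure SYN matches, not a SYN/ACK.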



