On Sun, 06 Feb 2005 at 21:34, R. DuFresne wrote:
> On 6 Feb 2005, Jose Maria Lopez wrote:
>
> > On Sun, 06 Feb 2005 at 07:29, seberino@xxxxxxxxxxxxxxx wrote:
> > > Hudson & Ron
> > >
> > > I'm not sure there even exists documentation to explain
> > > some of the DROP rules I see in firewall scripts.
> > >
> > > Have you seen guys like these?...
> > >
> > > -p tcp --tcp-flags ACK,FIN FIN -j DROP
> > > -p tcp --tcp-flags ACK,PSH PSH -j DROP
> > > -p tcp --tcp-flags ACK,URG URG -j DROP
> > >
> > > What TCP/IP book tells you that FIN, PSH and URG packets
> > > usually have ACK set? **These** are the rules I don't
> > > know how to understand.
> > >
> > > Chris
> >
> > They *don't* have the ACK set, that's because they are
> > dropped, because it's abnormal traffic, probably portscans.
> >
>
> Can't these kinds of packets get handled by an INVALID match, with one
> rule per appropriate chain?
>

Yes, but remember they tend to be portscans, so keep an eye on the conntrack tables so it doesn't fill them up with shit.

>
> Thanks,
>
> Ron DuFresne

Regards
-- 
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx
bgSEC Security and IT Systems Consulting
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
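As an added example (not part of the thread above, nor of any netfilter code), the following Python models the `--tcp-flags MASK COMP` match the three rules use: a segment matches when `(flags & MASK) == COMP`, so `ACK,FIN FIN` means "FIN set and ACK clear". The TCP headers are constructed in the script itself to show which of the three rules fire on a bare FIN, on a normal FIN/ACK close, and on a FIN/PSH/URG segment with no ACK.

```python
import struct

# TCP flag bits as they appear in the flag byte at offset 13 of the TCP header
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# The three rules quoted in the thread, as (MASK, COMP) flag lists
RULES = {
    "-p tcp --tcp-flags ACK,FIN FIN -j DROP": ("ACK,FIN", "FIN"),
    "-p tcp --tcp-flags ACK,PSH PSH -j DROP": ("ACK,PSH", "PSH"),
    "-p tcp --tcp-flags ACK,URG URG -j DROP": ("ACK,URG", "URG"),
}


def flags_to_bits(flag_list):
    """'ACK,FIN' -> 0x11"""
    return sum(TCP_FLAGS[name] for name in flag_list.split(","))


def tcp_flags_match(segment, mask_str, comp_str):
    """iptables --tcp-flags semantics: examine only the bits in MASK and
    require exactly the bits in COMP among them to be set."""
    flags = segment[13] & 0x3F          # low six bits: URG ACK PSH RST SYN FIN
    return (flags & flags_to_bits(mask_str)) == flags_to_bits(comp_str)


def build_tcp_segment(flags):
    """Constructed 20-byte TCP header (no options, no payload) carrying
    the given flag bits; ports, sequence numbers and checksum are dummies."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags,
                       65535, 0, 0)


def which_rules_drop(segment):
    """Return the rules from the thread that would DROP this segment."""
    return [rule for rule, (mask, comp) in RULES.items()
            if tcp_flags_match(segment, mask, comp)]


if __name__ == "__main__":
    F = TCP_FLAGS
    samples = {
        "bare FIN (no ACK)": F["FIN"],
        "FIN/ACK (normal close)": F["FIN"] | F["ACK"],
        "PSH/ACK (normal data)": F["PSH"] | F["ACK"],
        "FIN/PSH/URG, no ACK": F["FIN"] | F["PSH"] | F["URG"],
        "bare SYN (connection open)": F["SYN"],
    }
    for label, bits in samples.items():
        print(f"{label:28s} -> {len(which_rules_drop(build_tcp_segment(bits)))} rule(s) match")
```

Every legitimate post-handshake segment carries ACK, which is why these rules touch none of the normal-traffic samples but fire on the ACK-less probes.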