On Wed, 22 Jun 2005, R. DuFresne wrote:
TCP packets without flags are possible during a normal TCP connection, you
don't want to drop them. --state ESTABLISHED,RELATED would never let in
NULL scans anyway, because a NULL scan won't establish a valid TCP
connection before it sends flagless packets.
I was under the impression, and perhaps again I'm wrong in my understanding,
that once a connection was established all packets had at least the ACK flag
set?
I think all modern implementations will always send ACK on an established
connection, but I don't think RFC793 requires it. Therefore, it may be
safe to drop unflagged packets, but it seems like a bad idea to me.
As far as stopping NULL or XMAS scans, explicitly dropping packets is
unnecessary if you have a DROP policy and explicitly ACCEPT --state
ESTABLISHED,RELATED.
Alexey
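As an added example, not code from the thread or from any of its participants: a POSIX shell script that builds the INPUT chain Alexey describes, a DROP policy plus an explicit ACCEPT for --state ESTABLISHED,RELATED and a --syn-only ACCEPT for NEW connections, next to the explicit NULL-scan rule the thread calls unnecessary. The iptables path (/sbin/iptables), the dry-run default, and port 22 as the sole example service are assumptions; with DRY_RUN=1 the script only prints the commands, so it can be read and checked without root.

```shell
#!/bin/sh
# Added example, not from the thread. Builds a stateful INPUT chain in which
# NULL/XMAS probes never reach an ACCEPT rule, so no explicit DROP for them
# is needed. IPT and DRY_RUN defaults are assumptions; set DRY_RUN=0 to apply.
IPT="${IPT:-/sbin/iptables}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands instead of running them

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Order matters: the state rule comes first so packets belonging to a
# tracked connection are accepted in one match, then the few NEW services.
build_input_chain() {
    ipt -P INPUT DROP
    ipt -F INPUT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # --syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN: only a bare SYN
    # may open a NEW connection. A NULL probe (no flags), an XMAS probe
    # (FIN,PSH,URG) or a lone FIN/ACK has no conntrack entry, so it is not
    # ESTABLISHED,RELATED, and it is not --syn, so it falls through to DROP.
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW --syn -j ACCEPT
    # Everything else hits the DROP policy.
}

# The rule the thread calls redundant: with the chain above a flagless
# packet is already dropped by the policy, so this adds nothing.
redundant_null_scan_rule() {
    ipt -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
}

build_input_chain
```

Run it as is to see the commands; run with DRY_RUN=0 as root to apply them. If you still want the explicit rule for logging purposes (a LOG target before the policy, for example), add it after the state rule, not before it, so it never sees traffic from tracked connections.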