Hi,

Looking at this: http://iptables-tutorial.frozentux.net/iptables-tutorial.html#SYNACKANDNEW

I understand that in order to prevent my IP address from being spoofed, I should reject NEW packets with the SYN/ACK flags set and the others cleared.

However, with the following nmap command I have tried to check it out:

    nmap --scanflags SYNACK 192.168.0.1

all packets are known to be in the INVALID state rather than in the NEW state.

    state NEW tcp flags:FIN,SYN,RST,ACK/SYN,ACK -> 0 packet
    state INVALID tcp flags:FIN,SYN,RST,ACK/SYN,ACK -> 170 packets

They talk about sequence number, as well, in the document, but I can't figure out what difference it makes.

Did I miss anything?

-- 
Franck Joncourt
http://www.debian.org - http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE