Fatih USTA <fatihusta86@xxxxxxxxx> wrote:
> Hello,
> I am trying to protect my network from the TCP split handshake attack!
> (4-way handshake rejection or 3-way handshake enforcement).
> I tested the sample code (link below), and it passed the firewall (iptables).

Why wouldn't it? It's valid TCP, your ruleset allows connections to
happen and there is a socket expecting a connection.

> I can't find any solution on the internet for Linux.

nft add rule filter forward tcp flags & (syn | ack) == syn ct direction reply counter drop

But why would you want to disallow this behaviour?

> Link1: https://tech.labs.oliverwyman.com/blog/2016/11/07/4-way-tcp-handshake-and-firewalls/

This is simultaneous connect, at least that's what can be seen in the
tcpdump: SYNs cross on the wire, both ends send SYN/ACK.

Why do you consider this an "attack"?
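To make the reply's nft rule concrete, here is an added example (not from the thread or from nftables) that models what "tcp flags & (syn | ack) == syn ct direction reply" matches: conntrack treats the first SYN it sees as the original direction, so a bare SYN flowing the other way, as in the split (4-way) handshake or in a simultaneous open, is in the reply direction and is dropped. The packets, addresses and ports are constructed for the example.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


def reply_direction_syns(packets):
    """Return indices of packets the rule
    'tcp flags & (syn | ack) == syn ct direction reply ... drop' would hit.

    Simplified conntrack model: the first bare SYN of a 4-tuple creates
    the flow and fixes its original direction; any later bare SYN seen in
    the opposite direction of an existing flow is 'reply direction'.
    """
    originals = set()  # 4-tuples in the original direction
    hits = []
    for i, p in enumerate(packets):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        bare_syn = (p.flags & (SYN | ACK)) == SYN  # SYN set, ACK clear
        if fwd in originals:
            continue  # original direction, never matched by the rule
        if rev in originals:
            if bare_syn:
                hits.append(i)  # the split-handshake / crossed SYN
            continue
        if bare_syn:
            originals.add(fwd)  # new connection, original direction
    return hits


# Constructed traffic: client 10.0.0.2:40000 -> server 10.0.0.1:80
C, S = ("10.0.0.2", 40000), ("10.0.0.1", 80)
THREE_WAY = [Packet(*C, *S, SYN), Packet(*S, *C, SYN | ACK), Packet(*C, *S, ACK)]
# Split handshake from the linked article: server answers a SYN with a bare SYN
SPLIT = [Packet(*C, *S, SYN), Packet(*S, *C, SYN),
         Packet(*C, *S, SYN | ACK), Packet(*S, *C, ACK)]
# Simultaneous open: both SYNs cross; the firewall sees the client's first
SIMULTANEOUS = [Packet(*C, *S, SYN), Packet(*S, *C, SYN),
                Packet(*C, *S, SYN | ACK), Packet(*S, *C, SYN | ACK)]
```

The same rule that stops the split handshake also drops the second SYN of a legitimate simultaneous open, which is the behaviour the reply questions.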