Hello all,
I am trying to setup a firewall, and have read and seen in some firewall
scripts lines similar this:
iptables -A <chain> -p tcp ! --syn -m state --state NEW -j DROP
This lane basically says, as I understand it, that all new packets that
are not of the "SYN" state will be dropped. I've read that it is TCP
protocol to always first send a SYN packet to establish the connection
and so any connection that first sends a packet that is NOT of the SYN
state, should be dropped because it is suspicious of something bad going
on. This made sense to me at first, but I have been logging any of
these "new, but no syn packet" packets for about a week now, and get
them quite frequently from a wide variety of respectable websites. I
doubt these domains are trying to hack me and so I'm wondering if this
is normal and I shouldn't be dropping these packets. It doesn't seem to
affect any connections by dropping these packets. Anyone know what's
going on here? Thanks in advance.
-Matt Kowske
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
