|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: dfolkins (dfolkins_at_comcast.net)
Date: Thu Sep 12 2002 - 10:10:46 CDT
well, of course that would work, but the regular tcpflags ack rules are less
restrictive. i.e. they tend to allow all ack packets through, which opens
doors for ack-tunneling trojans, not to mention ack packet ddos. that's why
i wanted to make all rules keep-state. and besides, keep-state is _cool_.
:)
----- Original Message -----
From: "David Wolfskill" <david
catwhisker.org>
To: <dfolkinscomcast.net>
Sent: Thursday, September 12, 2002 10:56 AM
Subject: Re: ipfw, natd, and keep-state - strange behavior?
> What I did was use the stateful stuff (only) for UDP; for TCP, I used
> the "established" flag. And I haven't seen the problems you report.
>
> Cheers,
> david
> --
> David H. Wolfskill davidcatwhisker.org
> To paraphrase David Hilbert, there can be no conflicts between the
> discipline of systems administration and Microsoft, since they have
> nothing in common.
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]