Re: packets with syn/fin vs pf_norm.c
From: fooler (fooler skyinet.net)
Date: Wed Jul 06 2005 - 01:11:40 CDT
----- Original Message -----
From: "Dag-Erling Smørgrav" <des des.no>
To: "Jesper Wallin" <jesper hackunite.net>
Cc: <freebsd-security freebsd.org>; "Darren Reed" <avalon caligula.anu.edu.au>
Sent: Wednesday, July 06, 2005 1:39 PM
Subject: Re: packets with syn/fin vs pf_norm.c
> The TCP_DROP_SYNFIN option should be removed; it has long outlived its
> original purpose (which was to prevent nmap identification of IRC
> servers which didn't run ipfw for performance reasons, back in the 3.0
> days)
I vote not to remove it, because it is just an option there, whether you want
it or not, for added protection against OS fingerprinting...
Standard TCP is more rampantly used than T/TCP, and most (or all) TCP
modules do not combine the SYN + FIN flags in a TCP datagram for a normal TCP
transaction...
fooler.
_______________________________________________
freebsd-security freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security