From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jason Opperisano
Subject: Re: valid INPUT/OUTPUT rule piece?--> '-p tcp --tcp-flags ACK, FIN FIN -j DROP', etc.
Date: Wed, 26 Jan 2005 14:08:15 -0500
Message-ID: <20050126190815.GA7187@bender.817west.com>
References: <20050126001855.GC15359@spawar.navy.mil> <41F6E665.6010000@lopsch.com> <20050126052658.GA17112@spawar.navy.mil>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20050126052658.GA17112@spawar.navy.mil>
Sender: netfilter-bounces@lists.netfilter.org
Errors-To: netfilter-bounces@lists.netfilter.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: netfilter@lists.netfilter.org

On Tue, Jan 25, 2005 at 09:26:58PM -0800, seberino@spawar.navy.mil wrote:
> Lopsch
>
> Thanks for your email. I know a little about TCP flags.
> IIRC, ACK means 'Acknowledgement'
> and FIN means 'Finish Connection'.
>
> Why would TCP want everyone to turn on ACK when they
> want to finish a connection with FIN?
>
> I assume that TCP was written to do 2 errands in one
> TCP datagram?... 1. acknowledge last datagram received
> 2. terminate connection
>
> It seems odd to me that you can't terminate a connection (FIN)
> without also acknowledging something.
>
> Chris

read:

http://www.tcpipguide.com/free/t_TCPConnectionEstablishmentProcessTheThreeWayHandsh.htm

and:

http://www.tcpipguide.com/free/t_TCPConnectionTermination.htm

if you want a better understanding of TCP connection setup and termination and the flags set during each phase.

the quick answer to your question is that an actual OS TCP/IP stack will always set the ACK bit when sending a FIN, URG, or PSH packet. FIN, URG, and PSH packets that are sent without the ACK bit set were probably generated by some scanner tool (nmap, hping) or by somebody's custom code (perl script).

-j

--
"Operator! Give me the number for 911!" --The Simpsons
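The reply above rests on two things: the `mask comp` semantics of iptables' `--tcp-flags` (look only at the bits in the mask; match when exactly the comparison bits are set), and the observation that a real stack sends FIN, URG and PSH with ACK set. The following Python is an added example, not code from the thread or from the netfilter project. It evaluates `--tcp-flags`-style rules against raw TCP headers and flags the ACK-less FIN/URG/PSH case the reply describes. The `build_tcp_header` helper and all packets below are constructed for the example; the rule strings (`ACK,FIN FIN`, `ALL NONE`) follow the iptables syntax quoted in the subject line.

```python
import struct

# TCP flag bits in byte 13 of the header (RFC 793, ECE/CWR from RFC 3168)
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}
# iptables keywords: ALL covers the six classic flags, NONE is no bits
FLAG_GROUPS = {"ALL": 0x3F, "NONE": 0x00}


def flag_bits(spec: str) -> int:
    """Turn an iptables flag list such as 'ACK,FIN' (or ALL/NONE) into a bitmask."""
    bits = 0
    for name in spec.upper().split(","):
        if name in FLAG_GROUPS:
            bits |= FLAG_GROUPS[name]
        else:
            bits |= FLAGS[name]          # KeyError on an unknown flag name
    return bits


def tcp_flags(segment: bytes) -> int:
    """Return the flags byte from a raw TCP header (IP header already stripped)."""
    if len(segment) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    return segment[13]


def flag_names(flags: int) -> list:
    """Human-readable list of the flags set in a flags byte."""
    return [name for name, bit in FLAGS.items() if flags & bit]


def tcp_flags_match(flags: int, mask: str, comp: str) -> bool:
    """iptables '--tcp-flags MASK COMP': of the bits in MASK, exactly COMP must be set."""
    return (flags & flag_bits(mask)) == flag_bits(comp)


def looks_crafted(flags: int) -> bool:
    """Heuristic from the reply: a real stack sets ACK on FIN, URG and PSH segments,
    so any of those without ACK is likely a scanner or hand-built packet."""
    suspicious = FLAGS["FIN"] | FLAGS["URG"] | FLAGS["PSH"]
    return bool(flags & suspicious) and not (flags & FLAGS["ACK"])


def build_tcp_header(sport: int, dport: int, flags: int, seq: int = 0, ack: int = 0) -> bytes:
    """Construct a minimal 20-byte TCP header for testing (no options, checksum left zero)."""
    data_offset = 5 << 4                # header length in 32-bit words, upper nibble
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, 65535, 0, 0)


# Rules of the kind discussed in the thread: (mask, comp, description)
RULES = [
    ("ACK,FIN", "FIN", "FIN without ACK"),
    ("ACK,URG", "URG", "URG without ACK"),
    ("ACK,PSH", "PSH", "PSH without ACK"),
    ("ALL", "NONE", "NULL scan (no flags)"),
]


def classify(segment: bytes) -> dict:
    """Report which rules a raw TCP header hits and whether it looks hand-crafted."""
    flags = tcp_flags(segment)
    sport, dport = struct.unpack("!HH", segment[:4])
    hits = [desc for mask, comp, desc in RULES if tcp_flags_match(flags, mask, comp)]
    return {"sport": sport, "dport": dport, "flags": flag_names(flags),
            "rule_hits": hits, "crafted": looks_crafted(flags)}


if __name__ == "__main__":
    # Constructed samples: a normal FIN/ACK teardown segment and a bare FIN
    for pkt in (build_tcp_header(40000, 80, FLAGS["FIN"] | FLAGS["ACK"]),
                build_tcp_header(40000, 80, FLAGS["FIN"])):
        print(classify(pkt))
```

Running the module prints one dictionary per constructed header: the FIN/ACK segment hits no rule and is not flagged, while the bare FIN matches `ACK,FIN FIN` and is marked as likely crafted, which is exactly the distinction the DROP rule in the subject line relies on.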