From: Phil Oester <kernel@linuxace.com>
To: Henrik Nordstrom <hno@marasystems.com>
Cc: netfilter-devel@lists.netfilter.org, NIIBE Yutaka <gniibe@fsij.org>, ukai@debian.or.jp
Subject: Re: TCP Connection tracking and SYN/ACK/PSH
Date: Mon, 18 Apr 2005 16:06:14 -0700
Message-ID: <20050418230614.GA426@linuxace.com>
In-Reply-To: <Pine.LNX.4.61.0504180316120.4321@filer.marasystems.com>

On Mon, Apr 18, 2005 at 03:34:41AM +0200, Henrik Nordstrom wrote:
> Just a small note to support this: SYN+ACK+PSH is a perfectly valid flags
> combination, even more so if there actually is data enclosed in the
> SYN+ACK (which is valid, only a little odd).
>
> There is not really any good reason why conntrack should care in detail
> about the PSH flag. Most if not all valid flag combinations are good both
> with and without PSH (even SYN).

Given that nmap's Xmas tree scan uses an invalid PSH flag combination to scan
for open ports, I'd suggest conntrack should care about the flag.

While the particular combination being seen here is likely always harmless,
perhaps netfilter should only allow RFC-defined handshakes as a general
rule.

Phil
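
The point being argued in this exchange, as an added example that is not part of the original message or of netfilter's own code: a flag-validity check can ignore PSH entirely (so SYN+ACK+PSH is treated exactly like SYN+ACK, as Henrik suggests) and still reject nmap's Xmas probe (FIN+PSH+URG) and NULL probe (no flags), because once PSH is masked out those are not RFC handshake combinations. The table of accepted combinations, the function names (tcp_flags_valid, classify_segment) and the constructed 20-byte TCP header are the editor's assumptions, written to illustrate the policy, not a copy of the conntrack implementation.

```c
/* Added example (editor's code, not netfilter's): validate TCP flag
 * combinations the way a connection tracker could, with PSH ignored. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_PSH 0x08
#define TCP_ACK 0x10
#define TCP_URG 0x20

/* PSH is deliberately left out of the mask: SYN|ACK|PSH and SYN|ACK
 * index the same table entry. (Assumed policy, per the discussion.) */
#define TCP_TRACKED (TCP_FIN | TCP_SYN | TCP_RST | TCP_ACK | TCP_URG)

/* Combinations accepted as legitimate handshake/teardown/data segments.
 * Anything not listed (SYN|FIN, FIN|URG, no flags, ...) is rejected. */
static const uint8_t tcp_valid_flags[TCP_TRACKED + 1] = {
    [TCP_SYN]                     = 1,
    [TCP_SYN | TCP_URG]           = 1,
    [TCP_SYN | TCP_ACK]           = 1,
    [TCP_RST]                     = 1,
    [TCP_RST | TCP_ACK]           = 1,
    [TCP_FIN | TCP_ACK]           = 1,
    [TCP_ACK]                     = 1,
    [TCP_ACK | TCP_URG]           = 1,
    [TCP_FIN | TCP_ACK | TCP_URG] = 1,
};

/* 1 if the flag byte is an accepted combination after masking out PSH. */
int tcp_flags_valid(uint8_t flags)
{
    return tcp_valid_flags[flags & TCP_TRACKED];
}

/* Classify a raw TCP header: 1 = valid flags, 0 = invalid flags,
 * -1 = segment too short to carry a TCP header. The flag byte is
 * byte 13 of the header (low nibble of data-offset word is reserved). */
int classify_segment(const uint8_t *hdr, size_t len)
{
    if (hdr == NULL || len < 20)
        return -1;
    return tcp_flags_valid(hdr[13]);
}

/* Constructed 20-byte TCP header (not a real capture): src port 12345,
 * dst port 80, seq/ack 0, data offset 5, flags SYN|ACK|PSH, window 65535. */
static const uint8_t synackpsh_hdr[20] = {
    0x30, 0x39, 0x00, 0x50,                 /* ports */
    0x00, 0x00, 0x00, 0x00,                 /* seq */
    0x00, 0x00, 0x00, 0x00,                 /* ack */
    0x50, TCP_SYN | TCP_ACK | TCP_PSH,      /* offset, flags */
    0xff, 0xff, 0x00, 0x00, 0x00, 0x00      /* window, csum, urgptr */
};

/* Constructed nmap-style Xmas probe header: flags FIN|PSH|URG. */
static const uint8_t xmas_hdr[20] = {
    0x30, 0x39, 0x00, 0x50,
    0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    0x50, TCP_FIN | TCP_PSH | TCP_URG,
    0xff, 0xff, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    printf("SYN|ACK|PSH : %d\n", classify_segment(synackpsh_hdr, sizeof synackpsh_hdr));
    printf("FIN|PSH|URG : %d\n", classify_segment(xmas_hdr, sizeof xmas_hdr));
    printf("no flags    : %d\n", tcp_flags_valid(0));
    printf("SYN|FIN     : %d\n", tcp_flags_valid(TCP_SYN | TCP_FIN));
    return 0;
}
```

Masking PSH before the lookup is what makes the two positions in the thread compatible: the table never has to enumerate a PSH variant of each combination, yet a segment whose remaining flags are not a legitimate combination is still dropped. The same table also rejects SYN+FIN and the empty flag set, so a tracker built this way does not have to special-case scanners at all.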
Thread overview:
2005-04-17 10:37 TCP Connection tracking and SYN/ACK/PSH NIIBE Yutaka
2005-04-18 1:34 ` Henrik Nordstrom
2005-04-18 23:06 ` Phil Oester [this message]
2005-04-20 1:30 ` Tim Burress
2005-04-20 7:02 ` Re[2]: " Maciej Soltysiak
2005-04-20 7:42 ` Henrik Nordstrom
2005-04-22 9:38 ` Tim Burress
2005-04-22 13:45 ` Jozsef Kadlecsik
2005-04-22 15:34 ` Patrick McHardy