* TCP SYN FIN
@ 2004-07-02 12:27 Steve Comfort
From: Steve Comfort @ 2004-07-02 12:27 UTC (permalink / raw)
To: netfilter
Hi All,
I'm running Nessus to check my firewall rules, and it's telling me:
"remote host does not drop TCP SYN packets with the FIN flag set .... "
I've tried adding the following rule:
$ipt -A INPUT -i $iface -d $network -p tcp --tcp-flags SYN,FIN SYN, FIN
-j DROP
and a few permutations, but the warning still appears.
How do I fix this?
Best regards
Steve
* Re: TCP SYN FIN
From: Antony Stone @ 2004-07-02 12:41 UTC (permalink / raw)
To: netfilter
On Friday 02 July 2004 1:27 pm, Steve Comfort wrote:
> Hi All,
>
> I'm running Nessus to check my firewall rules, and it's telling me:
>
> "remote host does not drop TCP SYN packets with the FIN flag set .... "
>
> I've tried adding the following rule:
>
> $ipt -A INPUT -i $iface -d $network -p tcp --tcp-flags SYN,FIN SYN, FIN
> -j DROP
What does the variable $network correspond to in the above rule?
Does the address you are sending the SYN-FIN packets to fall within this
range?
If you do a "iptables -L INPUT -nvx" do the packet & byte counters show any
packets matching the above rule?
Regards,
Antony.
--
Success is a lousy teacher. It seduces smart people into thinking they can't
lose.
- William H Gates III
Please reply to the list;
please don't CC me.
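The rule from the original post and Antony's counter check, as an added Python example that is not part of the thread: it emulates the `--tcp-flags MASK COMP` test (match when `(flags & MASK) == COMP`) and first-match chain evaluation over a constructed set of TCP flag combinations. The probe set, the rule names and the two chain orderings are invented here for illustration; ports and connection tracking are not modelled. It shows the corrected rule (no space after the comma) dropping the SYN+FIN probe, that the mask/comp pair `--syn` expands to does not match that probe, and that when a broad ACCEPT already sits above an appended DROP, the DROP rule's packet counter stays at zero, which is what a zero pkts column in `iptables -L INPUT -nvx` would reveal.

```python
"""Emulate iptables' --tcp-flags MASK COMP match and first-match chain
evaluation against constructed TCP flag combinations, including the
SYN+FIN probe that Nessus sends."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

# TCP header flag bits, low to high (FIN is bit 0, URG is bit 5).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_FLAGS = 0x3F


def parse_flag_list(spec: str) -> int:
    """Turn one comma-separated flag list (the syntax iptables accepts for
    each half of --tcp-flags) into a bitmask. ALL and NONE are shorthands.
    Tokens are taken literally, so "SYN, FIN" fails on the token " FIN":
    a space is not a separator, which is the typo discussed in the thread."""
    bits = 0
    for tok in spec.split(","):
        if tok == "ALL":
            bits |= ALL_FLAGS
        elif tok == "NONE":
            continue
        elif tok in FLAG_BITS:
            bits |= FLAG_BITS[tok]
        else:
            raise ValueError(f"bad TCP flag {tok!r} in {spec!r}")
    return bits


def is_valid_flag_list(spec: str) -> bool:
    try:
        parse_flag_list(spec)
        return True
    except ValueError:
        return False


@dataclass(frozen=True)
class TcpFlagsMatch:
    """--tcp-flags MASK COMP: look only at the bits in MASK and require
    exactly the bits in COMP to be set among them."""
    mask: int
    comp: int

    def matches(self, flags: int) -> bool:
        return (flags & self.mask) == self.comp


def tcp_flags(mask_spec: str, comp_spec: str) -> TcpFlagsMatch:
    return TcpFlagsMatch(parse_flag_list(mask_spec), parse_flag_list(comp_spec))


@dataclass(frozen=True)
class Rule:
    match: Optional[TcpFlagsMatch]   # None: matches every TCP packet
    target: str


def run_chain(rules: List[Rule], packets: List[int],
              policy: str = "ACCEPT") -> Tuple[List[str], List[int]]:
    """Evaluate each packet (a flag byte) against the chain top to bottom.
    The first matching rule decides, as in an iptables chain. Returns the
    verdict per packet and the per-rule packet counters, i.e. the pkts
    column that `iptables -L INPUT -nvx` reports."""
    counters = [0] * len(rules)
    verdicts = []
    for flags in packets:
        for i, rule in enumerate(rules):
            if rule.match is None or rule.match.matches(flags):
                counters[i] += 1
                verdicts.append(rule.target)
                break
        else:
            verdicts.append(policy)
    return verdicts, counters


# Constructed probe set (not captured traffic): name -> flag byte.
PROBES = {
    "SYN":     FLAG_BITS["SYN"],                     # normal connection open
    "SYN+ACK": FLAG_BITS["SYN"] | FLAG_BITS["ACK"],  # second step of the handshake
    "SYN+FIN": FLAG_BITS["SYN"] | FLAG_BITS["FIN"],  # the probe Nessus complains about
    "FIN+ACK": FLAG_BITS["FIN"] | FLAG_BITS["ACK"],  # normal close
    "NONE":    0,                                    # null scan
}

# The rule from the thread written correctly, plus two neighbours.
DROP_SYN_FIN = Rule(tcp_flags("SYN,FIN", "SYN,FIN"), "DROP")
DROP_NULL = Rule(tcp_flags("ALL", "NONE"), "DROP")
ACCEPT_SYN = Rule(tcp_flags("FIN,SYN,RST,ACK", "SYN"), "ACCEPT")  # what --syn expands to
ACCEPT_ANY_TCP = Rule(None, "ACCEPT")  # stands in for a broad ACCEPT higher in the chain


def misordered_chain() -> List[Rule]:
    """-A appends: with a broad ACCEPT above it, the DROP never sees the probe."""
    return [ACCEPT_ANY_TCP, DROP_SYN_FIN, DROP_NULL]


def hardened_chain() -> List[Rule]:
    """Bogus-flag DROPs first, then the ordinary SYN accept."""
    return [DROP_SYN_FIN, DROP_NULL, ACCEPT_SYN]


if __name__ == "__main__":
    packets = list(PROBES.values())
    for name, chain in (("misordered", misordered_chain()), ("hardened", hardened_chain())):
        verdicts, counters = run_chain(chain, packets)
        print(f"{name}: counters={counters}")
        for probe, verdict in zip(PROBES, verdicts):
            print(f"  {probe:8s} -> {verdict}")
```

In the misordered chain every probe, the SYN+FIN one included, is accepted by the first rule and the DROP rule's counter never moves; that is the situation Antony's `-nvx` check is designed to expose. In the hardened ordering the SYN+FIN and null probes hit their DROP rules while a plain SYN still passes the `--syn` equivalent.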
* RE: TCP SYN FIN
From: listuser @ 2004-07-02 13:29 UTC (permalink / raw)
To: netfilter
HiHo!
> > $ipt -A INPUT -i $iface -d $network -p tcp --tcp-flags SYN,FIN SYN, FIN
> > -j DROP
Maybe this is a no-brainer. But if you have copied the above from
a script you may fail to notice that this rule will throw an error.
The space between the second SYN, and FIN is wrong.
If the above is just a typo in this mail, then forget this reply :)
ciao
markus
* Re: TCP SYN FIN
From: Listas de Discussão Linux @ 2004-07-06 0:44 UTC (permalink / raw)
To: listuser, netfilter
Does it not work correctly?
Regards,
Ralph Liebessohn
----- Original Message -----
From: <listuser@sally.epygi.de>
To: "netfilter" <netfilter@lists.netfilter.org>
Sent: Friday, July 02, 2004 10:29 AM
Subject: RE: TCP SYN FIN
> HiHo!
>
> > > $ipt -A INPUT -i $iface -d $network -p tcp --tcp-flags SYN,FIN SYN, FIN
> > > -j DROP
>
> Maybe this is a no-brainer. But if you have copied the above from
> a script you may fail to notice that this rule will throw an error.
> The space between the second SYN, and FIN is wrong.
> If the above is just a typo in this mail, then forget this reply :)
>
> ciao
> markus
>