Re: packets with syn/fin vs pf_norm.c
Jesper Wallin <jesper@hackunite.net> writes:
> First of all, I know that not dropping SYN/FIN isn't really a big deal, it
> just makes no sense. But since it doesn't make any sense, I don't see
> the reason why not to discard them.
It is not invalid for a TCP segment to have both SYN and FIN set. See
for instance RFC 1644.
> I'm running pf on FreeBSD 5.4-RELEASE-p3 and I scrub any traffic. I've
> read some other posts on Google and as far as I can tell, clearly invalid
> packets (like packets with SYN/RST set) are discarded while scrub simply
> removes the FIN bit on packets with SYN/FIN.
It shouldn't, at least not unconditionally.
DES
-- 
Dag-Erling Smørgrav - des@des.no