Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-21 Thread Johan Linner
Henning Brauer wrote: not sure whether it wouldn't be smarter to just have pf scrub drop these as well. --- pf_norm.c Sat Mar 21 12:17:44 2009 +++ pf_norm.c.orig Sat Mar 21 12:16:56 2009 @@ -782,11 +782,8 @@ flags = th->th_flags; if (flags & TH_SYN) { /* Ill

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-21 Thread Henning Brauer
not sure whether it wouldn't be smarter to just have pf scrub drop these as well. --- pf_norm.c Sat Mar 21 12:17:44 2009 +++ pf_norm.c.orig Sat Mar 21 12:16:56 2009 @@ -782,11 +782,8 @@ flags = th->th_flags; if (flags & TH_SYN) { /* Illegal packet */ +
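Review bot: the file headers of this hunk are reversed: `--- pf_norm.c` is given as the old file and `+++ pf_norm.c.orig` as the new one, so `patch` would apply the change backwards (the `@@ -782,11 +782,8 @@` counts likewise show the `.orig` side as the shorter one, i.e. the real change adds lines to the `TH_SYN` "Illegal packet" branch rather than removing them). Regenerate it with `diff -u pf_norm.c.orig pf_norm.c` so the `+` lines read as the intended additions.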

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-13 Thread Rod Whitworth
On Fri, 13 Mar 2009 17:30:38 +1100, SJP Lists wrote: >2009/3/13 Rod Whitworth : > >>>You could have scrubbing turned off at the bride >> >> So what's she going to do? Just the dishes? >> Why did he marry her anyway? >> >> > >Careful Rod, from memory Diana is a crack shot and packs! > Hey, I know

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread SJP Lists
2009/3/13 Rod Whitworth : >>You could have scrubbing turned off at the bride > > So what's she going to do? Just the dishes? > Why did he marry her anyway? > > Careful Rod, from memory Diana is a crack shot and packs!

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread Rod Whitworth
On Fri, 13 Mar 2009 03:17:30 +0100, ropers wrote: >You could have scrubbing turned off at the bride So what's she going to do? Just the dishes? Why did he marry her anyway? *** NOTE *** Please DO NOT CC me. I subscribed to the list. Mail to the sender address that does not originate at the

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread ropers
2009/3/12 Stuart VanZee : > > it doesn't seem possible to implement a rule that blocks > these packets while still using packet normalization (scrub) > since scrub is the first thing that sees a packet and drops > the FIN on a packet that has SYN+FIN set (at least that is > how I understand it). S

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread Claudio Jeker
On Thu, Mar 12, 2009 at 09:46:07AM -0700, J.C. Roberts wrote: > On Thu, 12 Mar 2009 11:51:40 -0400 Marcus Watts wrote: > > > "J.C. Roberts" writes: > > ... > > > I know SYN+FIN is a valid packet according to RFC 793 and 1644 > > > (T/TCP), but the more important question is, "what are the valua

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread Stuart VanZee
Thank you all for the interesting discussion on this issue. I can't prove it but I think I have gained at least one IQ point just from the privilege of reading said responses. In my case, I think the answer boils down to the fact that it doesn't seem possible to implement a rule that blocks these

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread J.C. Roberts
On Thu, 12 Mar 2009 11:25:07 +0100 Pete Vickers wrote: > Hi, > > What about Postel's 'be liberal in what you accept' ? What about > peers/intermediate system that have for example bugs which > accidentally set FIN flags (ISP's broken traffic shaping/limiting > device anyone ?). If pf can

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread J.C. Roberts
On Thu, 12 Mar 2009 11:51:40 -0400 Marcus Watts wrote: > "J.C. Roberts" writes: > ... > > I know SYN+FIN is a valid packet according to RFC 793 and 1644 > > (T/TCP), but the more important question is, "what are the valuable > > *uses* for SYN+FIN packets?" > > > > Personally, I can't think of

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread Marcus Watts
"J.C. Roberts" writes: ... > I know SYN+FIN is a valid packet according to RFC 793 and 1644 (T/TCP), > but the more important question is, "what are the valuable *uses* for > SYN+FIN packets?" > > Personally, I can't think of any valuable uses. Can you? ... There is a use actually. If you want

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread Pete Vickers
Hi, What about Postel's 'be liberal in what you accept' ? What about peers/intermediate system that have for example bugs which accidentally set FIN flags (ISP's broken traffic shaping/limiting device anyone ?). If pf can safely cleanse such legitimate traffic, then why block it ? Bli

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread J.C. Roberts
On Wed, 11 Mar 2009 13:07:22 -0400 Jason Dixon wrote: > On Wed, Mar 11, 2009 at 01:04:34PM -0400, David Goldsmith wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Jason Dixon wrote: > > > > > > S/SAFR > > > > > > I just had to deal with this on our customer's PCI scan. Don

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-11 Thread David Goldsmith
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Dixon wrote: > On Wed, Mar 11, 2009 at 10:42:38AM -0400, Stuart VanZee wrote: >> I understand that this might annoy a few of you; if it does, >> please accept my apologies. >> >> The place I work is required to have an external security scan >> fr

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-11 Thread Jason Dixon
On Wed, Mar 11, 2009 at 01:04:34PM -0400, David Goldsmith wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Jason Dixon wrote: > > > > S/SAFR > > > > I just had to deal with this on our customer's PCI scan. Don't argue > > with the logic, just do it. :) > > Let me guess -- TrustKee

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-11 Thread Jason Dixon
On Wed, Mar 11, 2009 at 10:54:18AM -0400, Jason Dixon wrote: > On Wed, Mar 11, 2009 at 10:42:38AM -0400, Stuart VanZee wrote: > > I understand that this might annoy a few of you; if it does, > > please accept my apologies. > > > > The place I work is required to have an external security scan > > f

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-11 Thread Jason Dixon
On Wed, Mar 11, 2009 at 10:42:38AM -0400, Stuart VanZee wrote: > I understand that this might annoy a few of you; if it does, > please accept my apologies. > > The place I work is required to have an external security scan > from time to time and the latest scan says that we have failed > because t

Ramifications of blocking SYN+FIN TCP packets

2009-03-11 Thread Stuart VanZee
I understand that this might annoy a few of you; if it does, please accept my apologies. The place I work is required to have an external security scan from time to time, and the latest scan says that we have failed because the firewall responded to a TCP packet that has the SYN and FIN flags set.