Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: davibou on March 24, 2004, 02:05:18 AM

Title: How to fix that please
Post by: davibou on March 24, 2004, 02:05:18 AM
Remote host replies to SYN|FIN
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.

See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113

The archive on neohapsis.com says that:

For example, on systems using iptables to filter packets, bogus packets can be easily distinguished by the following rules:


# Log SYN|FIN packets (rate-limited), then drop them. Replace HOST/MASK and LOGLEVEL
# with your own values; the trailing space in the prefix keeps it separate from "IN=".
iptables -A INPUT -p tcp -d HOST/MASK --tcp-flags SYN,FIN SYN,FIN -m limit --limit 10/m -j LOG --log-level "LOGLEVEL" --log-prefix "bogus packet: "
iptables -A INPUT -p tcp -d HOST/MASK --tcp-flags SYN,FIN SYN,FIN -j DROP


But how do I proceed to add this rule?
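The two rules quoted above match a packet by its TCP flag bits: `--tcp-flags MASK COMP` looks only at the bits named in MASK and requires exactly the bits in COMP to be set. The script below is an added example, not code from the post or from the neohapsis advisory. It implements that mask/compare test in Python, extends it from SYN|FIN to the other flag combinations that never occur in a legitimate handshake (NULL, nmap-style Xmas, FIN without ACK), prints the equivalent iptables rule for each, and then parses the kernel LOG lines such a rule produces so you can see which sources are sending them. All log lines and addresses are constructed for the example; the prefix "bogus packet: " is assumed to be the one set in the LOG rule.

```python
import re
from collections import Counter

# TCP flag bits as the netfilter LOG target names them ("... RES=0x00 SYN FIN URGP=0").
TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
                 "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}
ALL = 0x3F  # iptables "ALL" = FIN,SYN,RST,PSH,ACK,URG


def flags_from_names(names):
    """Fold a list of flag names into the 8-bit TCP flags value."""
    return sum(TCP_FLAG_BITS[n] for n in names)


def names_from_flags(value):
    """Inverse of flags_from_names, in the comma-separated form iptables accepts."""
    return ",".join(n for n, b in TCP_FLAG_BITS.items() if value & b) or "NONE"


def tcp_flags_match(flags, mask, comp):
    """Semantics of iptables '--tcp-flags MASK COMP': examine only the bits in
    MASK and require exactly the bits in COMP (a subset of MASK) to be set."""
    return (flags & mask) == comp


# (mask, comp) pairs; order matters because the more specific patterns come first.
BOGUS_RULES = [
    ("XMAS",            (ALL, flags_from_names(["FIN", "PSH", "URG"]))),
    ("NULL",            (ALL, 0x00)),
    ("SYN+FIN",         (flags_from_names(["SYN", "FIN"]), flags_from_names(["SYN", "FIN"]))),
    ("FIN without ACK", (flags_from_names(["FIN", "ACK"]), flags_from_names(["FIN"]))),
]


def classify(flags):
    """Return the name of the first bogus pattern the flags match, or None."""
    for name, (mask, comp) in BOGUS_RULES:
        if tcp_flags_match(flags, mask, comp):
            return name
    return None


def iptables_drop_rule(kind):
    """The DROP rule for one pattern, in the same form as the advisory's rule."""
    mask, comp = dict(BOGUS_RULES)[kind]
    return f"iptables -A INPUT -p tcp --tcp-flags {names_from_flags(mask)} {names_from_flags(comp)} -j DROP"


# Pull source, destination port and the flag-name run out of a netfilter LOG line.
LOG_LINE = re.compile(
    r"SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+) .*?RES=\S+ (?P<flags>(?:[A-Z]{3} )*)URGP=")


def parse_log_line(line):
    m = LOG_LINE.search(line)
    if not m:
        return None
    return {"src": m.group("src"), "dpt": int(m.group("dpt")),
            "flags": flags_from_names(m.group("flags").split())}


def summarize(lines, prefix="bogus packet: "):
    """Count (source, pattern) pairs over the log lines carrying our LOG prefix."""
    counts = Counter()
    for line in lines:
        if prefix not in line:
            continue  # logged by some other rule
        rec = parse_log_line(line)
        if rec is None:
            continue
        kind = classify(rec["flags"])
        if kind:
            counts[(rec["src"], kind)] += 1
    return counts


# Constructed sample: what the kernel writes for packets hitting the LOG rule.
_TAIL = "LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=1 PROTO=TCP SPT=40000 DPT={dpt} WINDOW=1024 RES=0x00 {flags}URGP=0"
SAMPLE_LOG = [
    "Mar 24 02:05:18 gw kernel: bogus packet: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 " + _TAIL.format(dpt=80, flags="SYN FIN "),
    "Mar 24 02:05:18 gw kernel: bogus packet: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 " + _TAIL.format(dpt=22, flags="SYN FIN "),
    "Mar 24 02:05:19 gw kernel: bogus packet: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 " + _TAIL.format(dpt=443, flags="FIN "),
    "Mar 24 02:05:20 gw kernel: bogus packet: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 " + _TAIL.format(dpt=25, flags=""),
    "Mar 24 02:05:20 gw kernel: bogus packet: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 " + _TAIL.format(dpt=25, flags="FIN PSH URG "),
    "Mar 24 02:05:21 gw kernel: denied: IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 " + _TAIL.format(dpt=80, flags="SYN "),
]

if __name__ == "__main__":
    for kind, _ in BOGUS_RULES:
        print(iptables_drop_rule(kind))
    for (src, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:15} {kind:16} {n}")
```

The parser is pinned to the log prefix rather than to the flag names, so a normal SYN logged by an unrelated rule (the last sample line) is ignored. `classify` checks the most specific patterns first; a SYN|FIN packet would otherwise also satisfy the looser "FIN without ACK" mask.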