Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-21 Thread Henning Brauer
not sure whether it wouldn't be smarter to just have pf scrub drop these as well. --- pf_norm.c Sat Mar 21 12:17:44 2009 +++ pf_norm.c.orig Sat Mar 21 12:16:56 2009 @@ -782,11 +782,8 @@ flags = th-th_flags; if (flags TH_SYN) { /* Illegal packet */ +
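Review bot: the file headers are reversed (`--- pf_norm.c` is given as the old file and `+++ pf_norm.c.orig` as the new one), so every sign in this hunk has to be read inverted: the `+` line at the end is what the change removes from pf_norm.c, and the counts `-782,11 +782,8` mean the real change adds three lines after the `/* Illegal packet */` branch rather than dropping them. Regenerate the diff with the original first (`diff -u pf_norm.c.orig pf_norm.c`) so reviewers see the added SYN+FIN handling as `+` lines.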

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-21 Thread Johan Linner
Henning Brauer wrote: not sure whether it wouldn't be smarter to just have pf scrub drop these as well. --- pf_norm.c Sat Mar 21 12:17:44 2009 +++ pf_norm.c.orig Sat Mar 21 12:16:56 2009 @@ -782,11 +782,8 @@ flags = th-th_flags; if (flags TH_SYN) { /*

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-13 Thread SJP Lists
2009/3/13 Rod Whitworth glis...@witworx.com: You could have scrubbing turned off at the bride So what's she going to do? Just the dishes? Why did he marry her anyway? Grinning, running and ducking Careful Rod, from memory Diana is a crack shot and packs!

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-13 Thread Rod Whitworth
On Fri, 13 Mar 2009 17:30:38 +1100, SJP Lists wrote: 2009/3/13 Rod Whitworth glis...@witworx.com: You could have scrubbing turned off at the bride So what's she going to do? Just the dishes? Why did he marry her anyway? Grinning, running and ducking Careful Rod, from memory Diana is a

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread J.C. Roberts
On Wed, 11 Mar 2009 13:07:22 -0400 Jason Dixon ja...@dixongroup.net wrote: On Wed, Mar 11, 2009 at 01:04:34PM -0400, David Goldsmith wrote: Jason Dixon wrote: S/SAFR I just had to deal with this on our customer's PCI scan.

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread Pete Vickers
Hi, What about Postel's 'be liberal in what you accept'? What about peers/intermediate systems that have, for example, bugs which accidentally set FIN flags (ISP's broken traffic shaping/limiting device, anyone?). If pf can safely cleanse such legitimate traffic, then why block it?

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread Marcus Watts
J.C. Roberts list-...@designtools.org writes: ... I know SYN+FIN is a valid packet according to RFC 793 and 1644 (T/TCP), but the more important question is, what are the valuable *uses* for SYN+FIN packets? Personally, I can't think of any valuable uses. Can you? ... There is a use

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread J.C. Roberts
On Thu, 12 Mar 2009 11:51:40 -0400 Marcus Watts m...@umich.edu wrote: J.C. Roberts list-...@designtools.org writes: ... I know SYN+FIN is a valid packet according to RFC 793 and 1644 (T/TCP), but the more important question is, what are the valuable *uses* for SYN+FIN packets?

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread J.C. Roberts
On Thu, 12 Mar 2009 11:25:07 +0100 Pete Vickers p...@systemnet.no wrote: Hi, What about Postel's 'be liberal in what you accept'? What about peers/intermediate systems that have, for example, bugs which accidentally set FIN flags (ISP's broken traffic shaping/limiting device, anyone

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread Stuart VanZee
Thank you all for the interesting discussion on this issue. I can't prove it but I think I have gained at least one IQ point just from the privilege of reading said responses. In my case, I think the answer boils down to the fact that it doesn't seem possible to implement a rule that blocks these

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread Claudio Jeker
On Thu, Mar 12, 2009 at 09:46:07AM -0700, J.C. Roberts wrote: On Thu, 12 Mar 2009 11:51:40 -0400 Marcus Watts m...@umich.edu wrote: J.C. Roberts list-...@designtools.org writes: ... I know SYN+FIN is a valid packet according to RFC 793 and 1644 (T/TCP), but the more important

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread ropers
2009/3/12 Stuart VanZee stua...@datalinesys.com: it doesn't seem possible to implement a rule that blocks these packets while still using packet normalization (scrub) since scrub is the first thing that sees a packet and drops the FIN on a packet that has SYN+FIN set (at least that is how I

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-12 Thread Rod Whitworth
On Fri, 13 Mar 2009 03:17:30 +0100, ropers wrote: You could have scrubbing turned off at the bride So what's she going to do? Just the dishes? Why did he marry her anyway? Grinning, running and ducking *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address

Ramifications of blocking SYN+FIN TCP packets

2009-03-11 Thread Stuart VanZee
I understand that this might annoy a few of you; if it does, please accept my apologies. The place I work is required to have an external security scan from time to time, and the latest scan says that we have failed because the firewall responded to a TCP packet that has the SYN and FIN flags set.

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-11 Thread Jason Dixon
On Wed, Mar 11, 2009 at 10:42:38AM -0400, Stuart VanZee wrote: I understand that this might annoy a few of you; if it does, please accept my apologies. The place I work is required to have an external security scan from time to time, and the latest scan says that we have failed because the

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-11 Thread Jason Dixon
On Wed, Mar 11, 2009 at 10:54:18AM -0400, Jason Dixon wrote: On Wed, Mar 11, 2009 at 10:42:38AM -0400, Stuart VanZee wrote: I understand that this might annoy a few of you; if it does, please accept my apologies. The place I work is required to have an external security scan from time

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-11 Thread Jason Dixon
On Wed, Mar 11, 2009 at 01:04:34PM -0400, David Goldsmith wrote: Jason Dixon wrote: S/SAFR I just had to deal with this on our customer's PCI scan. Don't argue with the logic, just do it. :) Let me guess -- TrustKeeper? We just