The FIN flag indicates that the host that sends it is ready to drop the connection, but a SYN flag indicates that the host is ready to start a connection. Having both set is bad because a cracker can use this to sneak packets through a firewall that does not block them. If you are using IPTables, then you would filter using the TCP Flags option, and drop the packets. I recommend some reading over at http://iptables-tutorial.frozentux.net/
There is a lot of good stuff over there including info on TCP Connections, and the handshake process, which is vital in setting up a "Good" firewall, IMHO, anyway.

--- Luis Pérez Meliá <[EMAIL PROTECTED]> wrote:

> Is this a serious problem?
>
> When I pass Nessus:
>
> Test ID:11618 View Source Category:Firewalls Title:Remote host replies to SYN+FIN Summary:Sends a SYN+FIN packet and expects a SYN+ACK
> Description:
> The remote host does not discard TCP SYN packets which have the FIN flag set.
>
> Depending on the kind of firewall you are using, an attacker may use this flaw to bypass its rules.
>
> See also :
> http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
> http://www.kb.cert.org/vuls/id/464113
>
> Solution : Contact your vendor for a patch
> Risk factor : Medium
> Cross-Ref:BugTraq ID: 7487
>
> Thanks,
> --
>
>  .''`.  Luis Pérez Meliá
> : :' :
> `. `'`
>   `-    Debian GNU/Linux

=====
-"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity."-Dennis Ritchie
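The IPTables "TCP Flags" filtering the reply recommends, as an added example that is not part of the original thread: a short POSIX shell script that emits a LOG rule (so SYN+FIN probes show up in the kernel log) followed by a DROP rule, applies them only when run as root with iptables on PATH, and includes a small helper that mimics the `--tcp-flags MASK COMP` semantics so the match logic can be checked without touching a live firewall. The log prefix and function names are my own choices, not from the thread.

```shell
#!/bin/sh
# Added example, not code from the original thread: drop TCP segments that
# carry both SYN and FIN using iptables' --tcp-flags match.
# Assumes Linux with iptables on PATH; rules are only applied when root.

# TCP flag bits as laid out in the flags byte of the TCP header.
TCP_FIN=1
TCP_SYN=2
TCP_RST=4
TCP_PSH=8
TCP_ACK=16
TCP_URG=32

# Emulate "--tcp-flags MASK COMP": look only at the bits named in MASK and
# match when exactly the bits in COMP are set among them.
# Usage: tcp_flags_match <flags> <mask> <comp>; returns 0 on a match.
tcp_flags_match() {
    flags=$1; mask=$2; comp=$3
    [ $(( flags & mask )) -eq "$comp" ]
}

# The rules. "SYN,FIN SYN,FIN" examines only the SYN and FIN bits and matches
# when both are set, whatever the other flags are (so SYN+FIN+ACK is caught
# too). Log first for detection, then drop.
synfin_rules() {
    cat <<'EOF'
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "SYN+FIN: "
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
EOF
}

# Apply the rules when we can; otherwise just show them.
apply_synfin_rules() {
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables >/dev/null 2>&1; then
        echo "not root or iptables not found; rules that would be applied:" >&2
        synfin_rules
        return 0
    fi
    synfin_rules | sh -e
}

# Quick self-check of the match emulation:
#   SYN+FIN matches, SYN alone does not, SYN+FIN+ACK still matches.
synfin_selfcheck() {
    both=$(( TCP_SYN | TCP_FIN ))
    tcp_flags_match "$both" "$both" "$both" || return 1
    tcp_flags_match "$TCP_SYN" "$both" "$both" && return 1
    tcp_flags_match $(( both | TCP_ACK )) "$both" "$both" || return 1
    return 0
}
```

Run it as root to install the rules, or unprivileged to see them printed; the logged lines (prefix `SYN+FIN: `) are the detection signal, and the DROP is the mitigation the Nessus finding asks for.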