Cy Schubert - ITSD Open Systems Group <[EMAIL PROTECTED]> writes:
> In message <[EMAIL PROTECTED]>, Dag-Erling Smorgrav
> writes:
> > It doesn't have anything to do with syn floods at all. It merely
> > prevents OS fingerprinting (at least the way nmap does it).
> The following ipfw rule will also prevent OS fingerprinting.
>
> deny log tcp from any to any in tcpflg fin,syn

It does precisely the same thing as TCP_DROP_SYNFIN, except much
slower.

> Would this too have problems with TTCP? The reason I ask is that I've
> been using this rule ever since 2.2.x (cannot remember the exact
> date) and I haven't had any problems with TTCP enabled. I know I
> should look at the RFC (and I will after lunch), but I'll ask anyway.
> Does TTCP use packets with SYN/FIN set?

Yes, if the request (or reply) is short enough to fit in a single
segment, which is exceedingly rare these days.

DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
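The case discussed above, as an added example that is not part of the original message: a C check that matches segments with both SYN and FIN set, as the quoted ipfw rule does, and separates a bare SYN+FIN from a single-segment T/TCP-style transaction that the same match also drops. The function names, the verdict enum and the sample segments are constructed for illustration; the CC and CC.NEW option kinds (11 and 12) come from RFC 1644, not from the thread.

```c
#include <stddef.h>
#include <stdint.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
enum verdict { NOT_MATCHED, DROP_BARE_SYNFIN, DROP_TTCP_LIKE };

/* Return 1 if the option list holds a T/TCP CC (11) or CC.NEW (12) option. */
static int has_cc_option(const uint8_t *opt, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opt[i];
        if (kind == 0) break;              /* end of option list */
        if (kind == 1) { i++; continue; }  /* NOP is a single byte */
        if (i + 1 >= len || opt[i + 1] < 2 || i + opt[i + 1] > len)
            break;                         /* malformed length: stop scanning */
        if (kind == 11 || kind == 12) return 1;
        i += opt[i + 1];
    }
    return 0;
}

/* Classify one TCP segment (header plus payload) against the SYN+FIN match. */
enum verdict classify(const uint8_t *seg, size_t len)
{
    if (len < 20) return NOT_MATCHED;          /* too short for a TCP header */
    size_t hlen = (size_t)(seg[12] >> 4) * 4;  /* data offset, in bytes */
    if (hlen < 20 || hlen > len) return NOT_MATCHED;
    if ((seg[13] & (TH_SYN | TH_FIN)) != (TH_SYN | TH_FIN))
        return NOT_MATCHED;
    /* Both verdicts below are dropped; the split only shows what is lost. */
    if (has_cc_option(seg + 20, hlen - 20) && len > hlen)
        return DROP_TTCP_LIKE;                 /* SYN+FIN, CC option, payload */
    return DROP_BARE_SYNFIN;
}

/* Constructed sample segments (not captured traffic). */
const uint8_t plain_syn[]   = { 4,0, 0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02, 16,0, 0,0, 0,0 };
const uint8_t bare_synfin[] = { 4,0, 0,80, 0,0,0,1, 0,0,0,0, 0x50,0x03, 16,0, 0,0, 0,0 };
const uint8_t ttcp_like[]   = { 4,0, 0,80, 0,0,0,1, 0,0,0,0, 0x70,0x0b, 16,0, 0,0, 0,0,
                                1, 1, 11, 6, 0,0,0,1,       /* NOP NOP CC=1 */
                                'P','I','N','G' };          /* 4-byte request */
int main(void)
{
    return !(classify(plain_syn, sizeof plain_syn) == NOT_MATCHED &&
             classify(bare_synfin, sizeof bare_synfin) == DROP_BARE_SYNFIN &&
             classify(ttcp_like, sizeof ttcp_like) == DROP_TTCP_LIKE);
}
```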