Re: TCP SYN packets which have the FIN flag set.

2004-11-05 Thread Baruch Even
On Fri, 2004-11-05 at 17:13, George Georgalis wrote: > On Fri, Nov 05, 2004 at 03:04:34PM +0000, Baruch Even wrote: > > >ESTABLISHED,RELATED > >NEW > >INVALID > >pick two to cover the spectrum of attacks. > > Why not all three in this order... > > I

Re: TCP SYN packets which have the FIN flag set.

2004-11-05 Thread Baruch Even
On Fri, 2004-11-05 at 12:49, Jan Minar wrote: > On Fri, Nov 05, 2004 at 11:29:21AM +0000, Baruch Even wrote: > > On Thu, 2004-11-04 at 18:41, martin f krafft wrote: > > > What's the point of matching state NEW *and* SYN packets? Just SYN > > > packets should suffi

Re: TCP SYN packets which have the FIN flag set.

2004-11-05 Thread Baruch Even
On Fri, 2004-11-05 at 13:06, Stefan Fritsch wrote: > Hi! > > On Friday 05 November 2004 12:27, Baruch Even wrote: > > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > > iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL SYN -j ACCEPT

Re: TCP SYN packets which have the FIN flag set.

2004-11-05 Thread Baruch Even
On Fri, 2004-11-05 at 14:27, martin f krafft wrote: > also sprach Baruch Even <[EMAIL PROTECTED]> [2004.11.05.1229 +0100]: > > This comes from the fact that the NEW state of Netfilter only > > means that this is the first time this connection is seen by the > > firewa

Re: TCP SYN packets which have the FIN flag set.

2004-11-05 Thread Baruch Even
On Fri, 2004-11-05 at 12:03, Florian Weimer wrote: > * Jan Minar: > > >>Is this a serious problem? > > > > Maybe. It is a very serious bug. > > Actually, it's a feature because some TCP extensions use SYN+FIN ("TCP > for Transactions" or something like that). TTCP is a dead proposal, it bri

Re: TCP SYN packets which have the FIN flag set.

2004-11-05 Thread Baruch Even
On Thu, 2004-11-04 at 18:41, martin f krafft wrote: > also sprach Luis Pérez Meliá <[EMAIL PROTECTED]> [2004.11.04.1848 +0100]: > > iptables -A INPUT -m state --state NEW -p tcp --tcp-flags > > ALL SYN -j ACCEPT > > What's the point of matching state NEW *and* SYN packets? Just SYN

Re: TCP SYN packets which have the FIN flag set.

2004-11-05 Thread Baruch Even
On Thu, 2004-11-04 at 17:48, Luis Pérez Meliá wrote: > I'm using iptables. > > In my rules I have this: > . > . > . > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL SYN -j ACCE

Re: howto get pptpd with mppe to run ?

2003-01-03 Thread Baruch Even
unknown options mppe-128 or mppe-40, then when i > try rmmod ppp_mppe and modprobe ppp_mppe again i get "No License" but the > mod was > loaded anyway. > > A testconx with simple chap proto works ok. > > Any ideas ??? > > Matthias -- Baruch Even http://baruch.ev-en.org/ http://www.nongnu.org/chktex/

Re: howto get pptpd with mppe to run ?

2003-01-03 Thread Baruch Even
unknown options mppe-128 or mppe-40, then when i > try rmmod ppp_mppe and modprobe ppp_mppe again i get "No License" but the > mod was > loaded anyway. > > A testconx with simple chap proto works ok. > > Any ideas ??? > > Matthias -- Baruch Even http://baruch.