Tamás
Cc: pf@benzedrine.cx
Subject: Re: stucked connection (missing rst??)
On Mon, Dec 12, 2005 at 03:56:18PM +0100, Németh Tamás wrote:
Is this communication invalid? Is it against RFC?
Yes, it violates the TCP RFC 793, see sections "Knowing When to Keep
Quiet" and "The TCP Quiet Time Concept"
On Tue, Dec 13, 2005 at 03:12:12PM +0100, Németh Tamás wrote:
I have tried what you said, and I experienced that, when pf was not enabled,
then everything went fine (I couldn't see any connection in TIME_WAIT state
with netstat -n (I think the state was removed pretty fast)).
Could you explain
On Tue, Dec 13, 2005 at 03:12:12PM +0100, Németh Tamás wrote:
With PF:
hping -c 1 -s 60002 -S -p 22 1.2.3.4
14:16:48.379903 00:0c:f1:6b:31:d9 > 00:e0:18:c4:b7:68, ethertype IPv4
(0x0800), length 54: IP 1.2.3.5.60002 > 1.2.3.4.22: S
1809653489:1809653489(0) win 512
14:16:48.381907
On 12/13/05, Daniel Hartmeier [EMAIL PROTECTED] wrote:
Insertion and
removal of state entries is costly, if you set pf up to insert a state
for every single SYN and remove one for every single RST, you're exposing
yourself to a DoS attack where an attacker floods you with SYNs and
RSTs like
On Mon, Dec 12, 2005 at 03:56:18PM +0100, Németh Tamás wrote:
Is this communication invalid? Is it against RFC?
Yes, it violates the TCP RFC 793, see sections "Knowing When to Keep
Quiet" and "The TCP Quiet Time Concept" starting on page 27 of
http://www.faqs.org/rfcs/rfc793.html
The concept of