[list added again, I think this is public interest and should be archived]
On 01/04/2003, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote To [EMAIL PROTECTED]:
I just wanted to drop all nmap and/or other harmful packets... I found half
of this list of flags @ nmap's forums by a guy saying which to
If you dont want port XYZ being reached. Block it. Completly. No
matter what fuxxored flag ever is set. Period.
//pb
Agreed, but a quick block on some of the common nmap flags on the very top
of your ruleset can save you some time (right?) Esp. when somebody went mad,
has a big pipe and
On 01/04/2003, Max Laier [EMAIL PROTECTED] wrote To [EMAIL PROTECTED]:
If you dont want port XYZ being reached. Block it. Completly. No
matter what fuxxored flag ever is set. Period.
Agreed, but a quick block on some of the common nmap flags on the very top
of your ruleset can save you
On Tue, Apr 01, 2003 at 08:37:52AM +0200, [EMAIL PROTECTED] wrote:
flags = flags ( flag-set / flag-set | / flag-set )
flag-set = [ F ] [ S ] [ R ] [ P ] [ A ] [ U ] [ E ] [ W ]
this is wrong.. who wrote that shit? :)
The first part of the RHS is the literal flags
Agreed, but a quick block on some of the common nmap flags on the very
top
of your ruleset can save you some time (right?) Esp. when somebody went
mad,
has a big pipe and found out about insane-nmap timeing.
*sigh*
And all other tcp packets (which are most likely to happen more often)
On 01/04/2003, jared r r spiegel [EMAIL PROTECTED] wrote To [EMAIL PROTECTED]:
will
the following work? Does pf syntax allow this?
BadTCPFlags={ FUP, FUP/FUP, SF/SFRA, /SFRA, F/SFRA, U/SFRAU, P, \
FS/FS, FSRPAU, /FSRPAU }
block in quick proto tcp all flags $BadTCPFlags
no