why good to drop *these* TCP flag settings...?....
seberino at spawar.navy.mil
Tue Apr 5 08:25:53 CEST 2005
Why are these flag combos in iptables rules good to drop???
# Is the explanation for these because SYN starts a
# connection and it doesn't make sense to reset (RST)
# or terminate (FIN) at the same time you're initiating (SYN)???
--tcp-flags SYN,RST SYN,RST -j DROP
--tcp-flags SYN,FIN SYN,FIN -j DROP
# Is this obvious in that you can't finish (FIN) and
# reset (RST) at the same time?
--tcp-flags FIN,RST FIN,RST -j DROP
# Can these be explained by the simple fact that *ALL* packets
# must have ACK set after the connection is established?? Is that right?
# (if yes, could we add 'ACK,RST RST' to the drop list as well?)
--tcp-flags ACK,FIN FIN -j DROP
--tcp-flags ACK,PSH PSH -j DROP
--tcp-flags ACK,URG URG -j DROP
What would DROP rule look like to protect against Xmas tree scan?
You'd want to drop packets with FIN, PSH and URG /all/ set right?
Thanks!
Chris