Re: TCP SYN packets which have the FIN flag set.

To: debian-security@lists.debian.org
Subject: Re: TCP SYN packets which have the FIN flag set.
From: Jan Minar <jjminar@fastmail.fm>
Date: Thu, 4 Nov 2004 11:14:32 +0000
Message-id: <20041104111432.GB28422@kontryhel.haltyr.dyndns.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <1099503358.3095.2.camel@localhost>
References: <1099503358.3095.2.camel@localhost>

Please don't use HTML.

On Wed, Nov 03, 2004 at 06:35:58PM +0100, Luis Pérez Meliá wrote:
>    Is this a serious problem?

Maybe.  It is a very serious bug.

>    Test ID:11618  View Source Category:Firewalls Title:Remote host replies to
>    SYN+FIN Summary:Sends a SYN+FIN packet and expects a SYN+ACK Description:
>    The remote host does not discard TCP SYN packets which
>    have the FIN flag set.

google/wikipedia will tell you what TCP SYN packets are, and why it's so
important to filter them on the firewall.

>    Depending on the kind of firewall you are using, an
>    attacker may use this flaw to bypass its rules.

So, which firewall are You using?
-- 
Jan

Attachment: pgpol6s8Pa6YQ.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: TCP SYN packets which have the FIN flag set.
  - From: Luis Pérez Meliá <luisp.m@ono.com>
- Re: TCP SYN packets which have the FIN flag set.
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- TCP SYN packets which have the FIN flag set.
  - From: Luis Pérez Meliá <luipeme@yahoo.es>

Prev by Date: Re: doing an ssh into a compromised host
Next by Date: Re: TCP SYN packets which have the FIN flag set.
Previous by thread: TCP SYN packets which have the FIN flag set.
Next by thread: Re: TCP SYN packets which have the FIN flag set.
Index(es):
- Date
- Thread