
Re: TCP SYN packets which have the FIN flag set.



On Thu, Nov 04, 2004 at 06:48:29PM +0100, Luis Pérez Meliá wrote:
>         iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Doesn't match any packets which have the SYN flag set.

>         iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL SYN -j ACCEPT
                                                                    ^^^^^^^^^^^^^^^^^
Matches SYN packets which have all the other flags unset.


So no problem here.  The packet filtering code in kernels 2.4.x/2.6.x
should not exhibit the behavior Nessus found, unless badly configured.
In other words, the problem might lie somewhere in your iptables
configuration/scripts.  Using some higher-level firewall configuration
utility might be an option?

You may want to run Nessus with greater verbosity enabled, if that's
possible, and/or use tcpdump(8) to discover what's really going on on the
wire.  Ethereal seems to be quite a good tool if you're not that
proficient in TCP/IP and the rather cryptic tcpdump output.


HTH,
-- 
Jan
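The point of the reply is the MASK/COMP semantics of `--tcp-flags`: only the bits named in the mask are examined, and those bits must equal the comparison set exactly. The following Python model is an added example, not code from the mail, the list or the netfilter project; it reimplements that rule in plain arithmetic so the difference between `--tcp-flags ALL SYN` (what Luis uses) and a looser mask such as `--tcp-flags SYN SYN` can be checked against constructed SYN, SYN+FIN and SYN+ACK segments. The flag bit values are those of the TCP header; the `ALL` expansion (FIN,SYN,RST,PSH,ACK,URG) follows iptables' keyword. The conntrack state match from the first quoted rule is not modelled.

```python
"""Model of iptables' --tcp-flags MASK COMP matching.

Added example, not from the original mail. Shows why '--tcp-flags ALL SYN'
rejects a SYN+FIN segment while a rule that only masks the SYN bit lets it
through. Rules and segments below are constructed for the illustration.
"""

# TCP flag bits as laid out in the header's flags byte (RFC 793).
TCP_FLAGS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04,
    "PSH": 0x08, "ACK": 0x10, "URG": 0x20,
}
ALL_FLAGS = 0x3F  # iptables' keyword ALL: FIN,SYN,RST,PSH,ACK,URG


def parse_flags(spec: str) -> int:
    """Turn an iptables flag list ('SYN,ACK', 'ALL', 'NONE') into a bitmask."""
    bits = 0
    for name in spec.split(","):
        name = name.strip().upper()
        if name == "ALL":
            bits |= ALL_FLAGS
        elif name == "NONE":
            continue
        else:
            bits |= TCP_FLAGS[name]  # KeyError on an unknown flag name
    return bits


def tcp_flags_match(mask_spec: str, comp_spec: str, packet_flags: int) -> bool:
    """Netfilter semantics: (flags & MASK) == COMP.

    Only the bits named in MASK are examined; within that set the packet must
    carry exactly the bits named in COMP and no others.
    """
    mask = parse_flags(mask_spec)
    comp = parse_flags(comp_spec)
    return (packet_flags & mask) == comp


def flags_to_str(flags: int) -> str:
    """Human-readable flag list for reporting."""
    return ",".join(n for n, b in TCP_FLAGS.items() if flags & b) or "NONE"


# Constructed segments: a normal connection-open SYN, a SYN+FIN probe of the
# kind a scanner sends, and the second step of a handshake.
SAMPLE_SEGMENTS = {
    "plain SYN": TCP_FLAGS["SYN"],
    "SYN+FIN":   TCP_FLAGS["SYN"] | TCP_FLAGS["FIN"],
    "SYN+ACK":   TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"],
}

# Constructed rules: the strict form from the mail and a loose form that only
# looks at the SYN bit and therefore ignores whatever else is set.
RULES = {
    "--tcp-flags ALL SYN": ("ALL", "SYN"),
    "--tcp-flags SYN SYN": ("SYN", "SYN"),
}


def audit(rules=RULES, segments=SAMPLE_SEGMENTS):
    """For each rule, list the names of the segments it would ACCEPT."""
    return {
        rule: [name for name, flags in segments.items()
               if tcp_flags_match(mask, comp, flags)]
        for rule, (mask, comp) in rules.items()
    }


if __name__ == "__main__":
    for rule, accepted in audit().items():
        print(f"{rule:22s} accepts: {', '.join(accepted) or 'nothing'}")
    # Expected: 'ALL SYN' accepts only the plain SYN; 'SYN SYN' also accepts
    # SYN+FIN and SYN+ACK because FIN and ACK are outside its mask.
```

Running the audit against a real ruleset is a matter of pasting the MASK/COMP pairs from `iptables -S` into `RULES`; a rule whose mask omits FIN is the kind of misconfiguration that would let a SYN+FIN probe reach the ACCEPT target and produce the result Nessus reported.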