Re: TCP SYN packets which have the FIN flag set.

To: debian-security@lists.debian.org
Subject: Re: TCP SYN packets which have the FIN flag set.
From: Stefan Fritsch <sfritsch@ph.tum.de>
Date: Fri, 5 Nov 2004 14:06:26 +0100
Message-id: <200411051406.27040.sfritsch@ph.tum.de>
In-reply-to: <1099654027.3571.45.camel@baruch.hamilton.local>
References: <1099503358.3095.2.camel@localhost> <1099590509.3233.58.camel@localhost> <1099654027.3571.45.camel@baruch.hamilton.local>

Hi!

On Friday 05 November 2004 12:27, Baruch Even wrote:
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL SYN -j ACCEPT
>
> Please dont do that!

> You can use SYN,ACK,FIN,RST SYN to check for illegal flags.

Shouldn't

iptables -A INPUT -m state --state INVALID -j DROP

as the _first_ rule take care of all packages with illegal flags?
Unfortunately, I haven't found any documentation what exactly is
considered INVALID. Anybody?

Cheers,
Stefan



-- 
Technische Universitaet Muenchen   Raum:   1131
Physik-Department T39              Tel.:   089/289-12197
James-Franck-Strasse     E-Mail: sfritsch@ph.tum.de
D-85748 Garching

Reply to:

Follow-Ups:
- Re: TCP SYN packets which have the FIN flag set.
  - From: Baruch Even <baruch@ev-en.org>

References:
- TCP SYN packets which have the FIN flag set.
  - From: Luis Pérez Meliá <luipeme@yahoo.es>
- Re: TCP SYN packets which have the FIN flag set.
  - From: Luis Pérez Meliá <luisp.m@ono.com>
- Re: TCP SYN packets which have the FIN flag set.
  - From: Baruch Even <baruch@ev-en.org>

Prev by Date: Re: TCP SYN packets which have the FIN flag set.
Next by Date: Re: TCP SYN packets which have the FIN flag set.
Previous by thread: Re: TCP SYN packets which have the FIN flag set.
Next by thread: Re: TCP SYN packets which have the FIN flag set.
Index(es):
- Date
- Thread