Re: TCP SYN packets which have the FIN flag set.

To: debian-security@lists.debian.org
Subject: Re: TCP SYN packets which have the FIN flag set.
From: "George Georgalis" <george@galis.org>
Date: Fri, 5 Nov 2004 12:13:21 -0500
Message-id: <20041105171321.GA20258@sta>
In-reply-to: <1099667073.3571.56.camel@baruch.hamilton.local>
References: <1099503358.3095.2.camel@localhost> <20041104111432.GB28422@kontryhel.haltyr.dyndns.org> <1099590509.3233.58.camel@localhost> <20041104184140.GA21369@cirrus.madduck.net> <1099654161.3571.48.camel@baruch.hamilton.local> <20041105142706.GA12771@cirrus.madduck.net> <1099667073.3571.56.camel@baruch.hamilton.local>

On Fri, Nov 05, 2004 at 03:04:34PM +0000, Baruch Even wrote:

>ESTABLISHED,RELATED
>NEW
>INVALID
>pick two to cover the spectrum of attacks.

Why not all three in this order...

INVALID -j REJECT 
ESTABLISHED,RELATED -j ACCEPT
NEW -j ACCEPT (if allowed)

I'm thinking PREROUTING is the best table (covers localhost, nat and
bridge connections); but historically I've used it on INPUT.

// George

-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org

Reply to:

Follow-Ups:
- Re: TCP SYN packets which have the FIN flag set.
  - From: Baruch Even <baruch@ev-en.org>

References:
- TCP SYN packets which have the FIN flag set.
  - From: Luis Pérez Meliá <luipeme@yahoo.es>
- Re: TCP SYN packets which have the FIN flag set.
  - From: Jan Minar <jjminar@fastmail.fm>
- Re: TCP SYN packets which have the FIN flag set.
  - From: Luis Pérez Meliá <luisp.m@ono.com>
- Re: TCP SYN packets which have the FIN flag set.
  - From: martin f krafft <madduck@debian.org>
- Re: TCP SYN packets which have the FIN flag set.
  - From: Baruch Even <baruch@ev-en.org>
- Re: TCP SYN packets which have the FIN flag set.
  - From: martin f krafft <madduck@debian.org>
- Re: TCP SYN packets which have the FIN flag set.
  - From: Baruch Even <baruch@ev-en.org>

Prev by Date: restricting to local access with pam_access
Next by Date: Re: TCP SYN packets which have the FIN flag set.
Previous by thread: Re: TCP SYN packets which have the FIN flag set.
Next by thread: Re: TCP SYN packets which have the FIN flag set.
Index(es):
- Date
- Thread