
Re: TCP SYN packets which have the FIN flag set.



I'm using iptables.

In my rules I have this:
        .
        .
        .
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL SYN -j ACCEPT

Thanks for the web:
        http://iptables-tutorial.frozentux.net


On Thu, 04-11-2004 at 12:14, Jan Minar wrote:
> Please don't use HTML.

Sorry!

> 
> On Wed, Nov 03, 2004 at 06:35:58PM +0100, Luis Pérez Meliá wrote:
> >    Is this a serious problem?
> 
> Maybe.  It is a very serious bug.
> 
> >    Test ID:11618  View Source Category:Firewalls Title:Remote host replies to
> >    SYN+FIN Summary:Sends a SYN+FIN packet and expects a SYN+ACK Description:
> >    The remote host does not discard TCP SYN packets which
> >    have the FIN flag set.
> 
> google/wikipedia will tell you what TCP SYN packets are, and why it's so
> important to filter them on the firewall.
> 
> >    Depending on the kind of firewall you are using, an
> >    attacker may use this flaw to bypass its rules.
> 
> So, which firewall are You using?
--

 .''`.     Luis Pérez Meliá
: :'  :    
`. `'`     
  `-  Debian GNU/Linux
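Added example, not code from this thread or from the iptables project: a small model of how the `--tcp-flags MASK COMP` match examines a TCP header, applied to the two INPUT rules quoted in the post. It constructs sample 20-byte TCP headers in-line, reads the flag bits out of byte 13, and walks the rules in order. The conntrack state is passed in by the caller (`ct_state`) rather than computed, and the chain policy is assumed to be DROP since the post does not show it; both are assumptions of this example.

```python
import struct

# TCP flag bits as they sit in byte 13 of the header (RFC 793 ordering).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_BITS = {"FIN": FIN, "SYN": SYN, "RST": RST, "PSH": PSH, "ACK": ACK, "URG": URG}
FLAG_BITS["ALL"] = FIN | SYN | RST | PSH | ACK | URG
FLAG_BITS["NONE"] = 0


def flag_spec(spec):
    """Turn an iptables-style list such as 'SYN,FIN' or 'ALL' into a bitmask."""
    mask = 0
    for name in spec.split(","):
        mask |= FLAG_BITS[name.strip().upper()]
    return mask


def tcp_flags_match(flags, mask_spec, comp_spec):
    """Semantics of `--tcp-flags MASK COMP`: only the bits named in MASK are
    examined, and among those exactly the bits named in COMP must be set.
    With MASK=ALL and COMP=SYN, a packet carrying SYN+FIN does not match."""
    mask = flag_spec(mask_spec)
    comp = flag_spec(comp_spec)
    return (flags & mask) == (comp & mask)


def build_tcp_header(flags, sport=40000, dport=22):
    """Constructed 20-byte TCP header with the given flag bits (no options)."""
    data_offset = 5 << 4  # header length of 5 32-bit words, reserved bits zero
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, data_offset, flags, 65535, 0, 0)


def parse_flags(tcp_header):
    """Extract the six classic flag bits from byte 13 of the header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return tcp_header[13] & 0x3F


def input_chain(tcp_header, ct_state, policy="DROP"):
    """Walk the two INPUT rules from the post in order. `ct_state` stands in
    for what conntrack reported (NEW, ESTABLISHED, RELATED or INVALID) and is
    an assumption of this model; `policy` is the assumed chain policy."""
    flags = parse_flags(tcp_header)
    # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    if ct_state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    # iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL SYN -j ACCEPT
    if ct_state == "NEW" and tcp_flags_match(flags, "ALL", "SYN"):
        return "ACCEPT"
    # Nothing matched: the packet falls through to the chain policy.
    return policy


if __name__ == "__main__":
    for label, flags in (("SYN", SYN), ("SYN+FIN", SYN | FIN), ("SYN+ACK", SYN | ACK)):
        verdict = input_chain(build_tcp_header(flags), "NEW")
        print(f"{label:8} as NEW -> {verdict}")
```

The second rule's `ALL SYN` is what makes the difference: it compares every flag bit, so a SYN+FIN probe is neither a matching NEW packet nor part of an established flow, and whatever state conntrack assigns it (NEW or INVALID), it ends up at the chain policy instead of being accepted.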


