[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TCP Flags question

On Tue, Dec 10, 2002 at 11:48:05AM -0300, Alejandro G. Belluscio wrote:
> Hello henning,
> Monday, December 09, 2002, 9:12:42 PM, you wrote:
> henning> On Mon, Dec 09, 2002 at 06:32:01PM -0500, Small, Jim wrote:
> >> May I ask why you prefer S/SAFR vs. S/SA or S/SAFPRU?
> henning> I don't.
> henning> S/SA, S/SAFR - I don't care.
> henning> as said, this overengineered filtering based on flags just
> henning> has no net effect. if someone wants to create a state with
> henning> SYN + RST, heck, let him. oh, this could crash windows? i
> henning> don't care.
> I usually have to protect Windows machines. Most of them Win95 and
> Win98. S/SAFR is my minumum. It's a valid choice.
this was a joke. I don't think that SYN+RST crashes windows, but I don't
know (nor do I care). S/SAFR is probably the most "correct" choice. P and U
are so unrelated that I don't see a reason why you should even care to look
at them.
hmm. didn't linux have some problem with SYN+RST recently...?
Henning Brauer, BS Web Services, http://bsws.de
hb@bsws.de - henning@openbsd.org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)