[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TCP Flags question
> > Also, is flags S/SAFPRU better than flags S/SA?
> I don't buy that.
> S/SAFR perhaps.
> I think the advantage of filtering on flags is overestimated.
I use to use S/SA without much of a thought to it and nmap -O happily said I was
running Openbsd with scrub in all. Upon changing my rule to a S/SAFPRU you can
nmap -O till you are blue in the face and nmap is clueless. I think that a
decent advantage. If you are just writing a rule for inbound connections ie a
webserver and you keep state then S/SAFPRU will make detection of the os
difficult if not impossible (assuming you block all other ports that aren't
open.) It all falls upon how paranoid you are I suppose.