[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: TCP Flags question
Thanks to everyone for an excellent discussion of TCP flags! I'm going to
have to re-read all those TCP chapters in Stevens' book.
I used to think I was a knowledgeable networking person until I started
listening to you guys. Maybe if I lurk enough I'll get there...
From: Henning Brauer [mailto:email@example.com]
Sent: Wednesday, December 11, 2002 8:02 AM
Subject: Re: TCP Flags question
On Tue, Dec 10, 2002 at 10:27:02PM -0600, James Nobis wrote:
> I use to use S/SA without much of a thought to it and nmap -O happily said
> running Openbsd with scrub in all. Upon changing my rule to a S/SAFPRU
> nmap -O till you are blue in the face and nmap is clueless. I think that
> decent advantage. If you are just writing a rule for inbound connections
> webserver and you keep state then S/SAFPRU will make detection of the os
> difficult if not impossible (assuming you block all other ports that
> open.) It all falls upon how paranoid you are I suppose.
oh wow, a real advantage.
if someone wants to know I'm running OpenBSD he just needs to read our
Henning Brauer, BS Web Services, http://bsws.de
firstname.lastname@example.org - email@example.com
Unix is very simple, but it takes a genius to understand the simplicity.