[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: TCP Flags question



Thanks to everyone for an excellent discussion of TCP flags!  I'm going to
have to re-read all those TCP chapters in Stevens' book.
I used to think I was a knowledgeable networking person until I started
listening to you guys.  Maybe if I lurk enough I'll get there...
<> Jim
-----Original Message-----
From: Henning Brauer [mailto:hostmaster@bsws.de] 
Sent: Wednesday, December 11, 2002 8:02 AM
To: pf@benzedrine.cx
Subject: Re: TCP Flags question
On Tue, Dec 10, 2002 at 10:27:02PM -0600, James Nobis wrote:
> I use to use S/SA without much of a thought to it and nmap -O happily said
I was
> running Openbsd with scrub in all.  Upon changing my rule to a S/SAFPRU
you can
> nmap -O till you are blue in the face and nmap is clueless.  I think that
a
> decent advantage.  If you are just writing a rule for inbound connections
ie a
> webserver and you keep state then S/SAFPRU will make detection of the os
> difficult if not impossible (assuming you block all other ports that
aren't
> open.)  It all falls upon how paranoid you are I suppose.
oh wow, a real advantage.
if someone wants to know I'm running OpenBSD he just needs to read our
website.
-- 
Henning Brauer, BS Web Services, http://bsws.de
hb@bsws.de - henning@openbsd.org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)