
Re: TCP Flags question



On Wed, Dec 11, 2002 at 03:07:20PM +0100, Saad Kadhi wrote:
> Last time I checked QualysGuard(tm), a 'block in quick on $external_if
> proto tcp from any to any flags FUP' stopped them from fingerprinting
> the OS. That said, they also reported that PF (as of 3.0) was vulnerable
> to packet fragmentation (indeed I had scrub activated. see
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=101541311510238&w=2).
 If you really want it...
 block in log quick proto tcp all flags SF/SFRA
 block in log quick proto tcp all flags SFUP/SFRAU
 block in log quick proto tcp all flags FPU/SFRAUP
 block in log quick proto tcp all flags /SFRA
 block in log quick proto tcp all flags F/SFRA
 block in log quick proto tcp all flags U/SFRAU
 block in log quick proto tcp all flags P
-- 
gustavo
DCCC F540 C429 5636 EECF  5816 28E6 792E D820 15DE
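
The rules in the message above depend on how pf evaluates `flags a/b`: a packet matches when, of the flags named in mask b, exactly the set a is on. As an added example (not part of the original message), this Python code runs the six rules that carry an explicit mask, in posted order, against constructed flag combinations; the function names and sample list are illustrative, and the bare `flags P` rule is left out.

```python
# Added example: evaluate pf "flags a/b" rules against TCP flag combinations.
# pf matches when (packet_flags & b) == a; flags outside the mask b are ignored.
BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

# The six rules from the message that carry an explicit mask, in posted order.
RULES = ["SF/SFRA", "SFUP/SFRAU", "FPU/SFRAUP", "/SFRA", "F/SFRA", "U/SFRAU"]

def to_bits(letters):
    """Convert a flag string such as 'SF' to its TCP flag bitmask."""
    value = 0
    for ch in letters:
        value |= BITS[ch]
    return value

def parse_spec(spec):
    """Split 'a/b' into (set_bits, mask_bits); an empty 'a' means none set."""
    want, mask = spec.split("/")
    return to_bits(want), to_bits(mask)

def matches(spec, packet):
    """True if a packet with these flags matches the rule's flags spec."""
    want, mask = parse_spec(spec)
    return (to_bits(packet) & mask) == want

def can_match(spec):
    """A spec can only ever match if every required flag is inside its mask."""
    want, mask = parse_spec(spec)
    return (want & mask) == want

def first_block(packet):
    """Return the first rule that blocks the packet ('quick'), or None."""
    for spec in RULES:
        if matches(spec, packet):
            return spec
    return None

# Constructed samples: ordinary handshake/data/teardown flags, then odd probes.
SAMPLES = ["S", "SA", "A", "PA", "FA", "RA", "SF", "FPU", "", "F", "U", "SFUP"]

if __name__ == "__main__":
    for spec in RULES:
        if not can_match(spec):
            print(f"rule flags {spec} can never match")
    for pkt in SAMPLES:
        hit = first_block(pkt)
        print(f"{pkt or '(none)':7} -> {hit or 'not blocked by these rules'}")
```

Under this matching, SFUP/SFRAU cannot match any packet because P is required but lies outside its mask, and a URG-only packet is already caught by /SFRA before U/SFRAU is reached.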