> -----Original Message-----
> From: Joachim Baran [mailto:jbaran@hildesheim.sgh-net.de]
> Sent: Thursday, January 07, 1999 10:12 AM
> To: linux-kernel@vger.rutgers.edu
> Cc: davem@caip.rutgers.edu; Eric.Schenk@dna.lth.se
> Subject: [Patch] IPv4 TCP security impovement
>
> The patch is very simple. It lets you toggle the behavior
> of how to react on packets to unconnected ports. This is
> done using Config.in.
As it is quite a small toggle really, it might be best to make this
a sysctl, rather than cluttering up the Configure scripts further.
> Scanning tools such as nmap (I guess it's pretty famous)
> used the ACK+RST, which would be sent if my option wouldn't
> be activated, to scan for open ports. My patch does nothing
> like that, it only prints a kernel message with level
> KERN_DEBUG like that:
>
> 127.0.0.1 tried closed TCP socket port 24
Doesn't this lead to a potential DoS? For example, if someone ran multiple
scans against your box with faked IPs it could fill up the log partition.
It's also dubious as to whether anyone doing such a scan would be using
their real IP address anyway.
Tris.
---
Tristan Greaves (Systems Integrator)
Enterprise Solutions, ICL
Lovelace Road, Bracknell RG12 8SN
Tel: +44 (0)1344 472512
Mobile: +44 (0)7970 194624
Mail: Tristan.Greaves@icl.com
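An added example, not from this thread or from the patch under discussion: it replays constructed closed-port probes with forged source addresses (the scenario raised in the reply above) through a token-bucket limiter, comparing a per-source bucket with a single global one. The log line follows the patch's format; the bucket parameters, probe count and addresses are assumptions.

```python
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: `burst` tokens at most, refilled at `rate` per second."""

    def __init__(self, burst, rate):
        self.burst, self.rate = burst, rate
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is None:
            self.last = now
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def format_event(src, port):
    # Same shape as the message the patch prints at KERN_DEBUG.
    return "%s tried closed TCP socket port %d" % (src, port)


def replay(probes, per_source, burst=5, rate=1.0):
    """Return the log lines that survive limiting (per-source or one global bucket)."""
    buckets = defaultdict(lambda: TokenBucket(burst, rate))
    shared = TokenBucket(burst, rate)
    kept = []
    for now, src, port in probes:
        bucket = buckets[src] if per_source else shared
        if bucket.allow(now):
            kept.append(format_event(src, port))
    return kept


def spoofed_scan(n=5000, duration=1.0):
    """Constructed input: n probes, each from a different forged address, over `duration` s."""
    return [(i * duration / n,
             "10.%d.%d.%d" % ((i >> 16) & 255, (i >> 8) & 255, i & 255),
             1 + i % 1024) for i in range(n)]


if __name__ == "__main__":
    # A per-source limit is defeated by forged addresses: every probe is a "new" source.
    print(len(replay(spoofed_scan(), per_source=True)), "lines with per-source buckets")
    # A single global bucket bounds the log volume regardless of how many addresses are forged.
    print(len(replay(spoofed_scan(), per_source=False)), "lines with one global bucket")
```

The per-source variant writes one line per forged address, so it does not help against the spoofed-scan case; the global bucket keeps the volume at burst plus refill over the scan's duration.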