Re: Logging unserved ports

Jamie Lokier (lkd@tantalophile.demon.co.uk)
Thu, 10 Dec 1998 17:40:37 +0000


On Tue, Dec 08, 1998 at 11:06:34PM -0500, linux-kernel@progressive-comp.com wrote:
> Actually I cloned this functionality in a kernel patch a while back, for
> pretty much the same reason you're looking (got used to the TIS fw logging
> of unserved ports, and missed it). I also added detection of bad/invalid
> TCP flag combinations (such as RST+SYN, FIN+SYN, etc). It detects,
                                          ^^^^^^^
> confuses, and/or defeats a number of stealth scanning or stack-
> identification tools such as nmap, queso, etc. I make no claims that it's
> perfect, or cleanly done (or that it works at all, for that matter ;).

FIN+SYN is valid under some circumstances, is it not?

-- Jamie
