<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Firewall Wizards: Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port

Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port

From: Martin Mačok <martin.macok_at_underground.cz>
Date: Wed, 12 Jan 2005 15:17:20 +0100

On Wed, Jan 12, 2005 at 02:52:59PM +0100, stephane nasdrovisky wrote:

> In general, an implementation must be conservative in its sending
> behavior, and liberal in its receiving behavior.

Are we still talking about firewalls? ;-)

Related reading:
http://lists.megacity.org/pipermail/rfci-discuss/2004-September/002758.html

IMO, ignoring ACK flag in SYN packet is against TCP spec, not just
"liberal" acceptance in the mean of "not object to technical errors
where the meaning is still clear" (the same paragraph you are
quoting). It also poses some security risks, anyway...

Martin Mačok
ICT Security Consultant
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Jan 14 2005

This message: [ Message body ]
Next message: Ng Pheng Siong: "Re: External Load Balancing"
Previous message: John Hall: "Re: Re: External Load Balancing"
Maybe in reply to: L Cubed: "Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port"
Next in thread: L Cubed: "Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]