Firewall Wizards: Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port

From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 12 Jan 2005 15:17:20 +0100

On Wed, Jan 12, 2005 at 02:52:59PM +0100, stephane nasdrovisky wrote:

In general, an implementation must be conservative in its sending
behavior, and liberal in its receiving behavior.


Are we still talking about firewalls? ;-)

Related reading:
http://lists.megacity.org/pipermail/rfci-discuss/2004-September/002758.html

IMO, ignoring ACK flag in SYN packet is against TCP spec, not just
"liberal" acceptance in the mean of "not object to technical errors
where the meaning is still clear" (the same paragraph you are
quoting). It also poses some security risks, anyway...

Martin Mačok
ICT Security Consultant
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port, (continued)
- Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port L Cubed (Jan 11)
- RE: PIX responding with SYN+ACK to SYN+ACK probe sent on open port Smith, Aaron (Jan 11)
  - Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port stephane nasdrovisky (Jan 14)
    - Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port Martin Mačok (Jan 14)
    - Message not available
    - Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port Martin Mačok (Jan 14)
    - Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port Chuck Swiger (Jan 19)