Operating System - HP-UX
1839144 Members
4260 Online
110136 Solutions
New Discussion

Re: TCP SYN with flag FIN enable

 
Daniel Caçador
Regular Advisor

TCP SYN with flag FIN enable

How I block package TCP SYN with Flag FIN enable?

Tanks
7 REPLIES 7
rick jones
Honored Contributor

Re: TCP SYN with flag FIN enable

Probably via ipfilter, but given that "Christmas tree" TCP segements are legal TCP segments, if perhaps as rare as hen's teeth, why are you wanting to block a SYN with the FIN set?
there is no rest for the wicked yet the virtuous have no pillows
Daniel Caçador
Regular Advisor

Re: TCP SYN with flag FIN enable

Please tell me: You it would block? Because?

Tanks!
Steven E. Protter
Exalted Contributor

Re: TCP SYN with flag FIN enable

Daniel,

Can you provide a more detailed description of why you wish to do this?

OS Version,

netstat or log output. Tell me why this needs to be done. There may be other solutions.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Daniel Caçador
Regular Advisor

Re: TCP SYN with flag FIN enable

I need to know if he has risk in not blocking the packages SYN and FIN. I need to block? Exists some form of port scanner where these packages can harm me? Well, I am using HP-UX 11i. Somebody have some manual of the TCP/IP? Perhaps either ignorance mine. Very obliged!
Robert Fritz
Regular Advisor

Re: TCP SYN with flag FIN enable

take a look at the "flags" keyword in ipfilter. That said, I'm not sure why you're singling out these. vs. the other possible "christmas tree" TCP packets.

Reference page:
http://docs.hp.com/en/B9901-90014/ch02s03.html
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
rick jones
Honored Contributor

Re: TCP SYN with flag FIN enable

I am not personally aware of any security risks to the HP-UX TCP stack in letting it process TCP segments with both the SYN and FIN bits set in the header.

That said, if you still wish to block such traffic you are free to do so and I suspect ipfilter is the way to do it. Ipfilter manuals should be online at docs.hp.com.

there is no rest for the wicked yet the virtuous have no pillows
Daniel Caçador
Regular Advisor

Re: TCP SYN with flag FIN enable

After all aid and some research... I am understanding and already I know that it is not interesting to block these packages beyond the risks being few.

Very obliged to all.