strange MS visits

William Park opengeometry-FFYn/CNdgSA at public.gmane.org
Thu Dec 2 23:52:57 UTC 2004


> Henry Spencer wrote:
> > On Thu, 2 Dec 2004, Andrew Hammond wrote:
> >>Why DROP or REJECT when you can TARPIT?
> >
> >
> > For services where you do have a daemon that's going to answer on
> > the port, you can get somewhat the same effect without any patches:
> > pass *only* packets that have the SYN bit set, and discard any that
> > don't.  To the other end, it looks like his connection succeeded,
> > but he can't seem to get any response from it.  To your end, the
> > connection hasn't *quite* succeeded yet, and so your system doesn't
> > bother the daemon about it.
> >
> > (TCP connection setup uses a "three-way" handshake:  initiator sends
> > a request, responder replies with approval, initiator sends
> > confirmation.  Only the first two of those have the SYN bit set.)

Once I accept the packet with SYN bit set, doesn't IPTable consider any
subsequent packets ESTABLISHED or RELATED (otherwise, previously
"seen")?  Or, is IPTable smart enough to know that remote is requesting
TCP connection which is in the middle of being established?

-- 
William Park <opengeometry-FFYn/CNdgSA at public.gmane.org>
Linux solution for data processing. 
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
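A toy model of the handshake Henry describes, added here as an illustration and not part of the original thread: a listening server sits behind a filter that either passes only SYN-flagged segments, or passes a SYN plus anything belonging to a flow it has already seen (a simplified stand-in for a connection-tracking filter, not the Linux conntrack implementation). Packet, Endpoint, the two filter functions and the client/server names are all constructed for this example.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: int

@dataclass
class Endpoint:
    """Minimal TCP state machine: only the handshake states matter here."""
    name: str
    state: str
    accepted: bool = False  # set once the listening daemon would see the connection

    def receive(self, pkt):
        """Consume one segment and return the reply, or None."""
        if self.state == "LISTEN" and pkt.flags == SYN:
            self.state = "SYN_RECEIVED"
            return Packet(self.name, pkt.src, SYN | ACK)
        if self.state == "SYN_SENT" and pkt.flags == SYN | ACK:
            self.state = "ESTABLISHED"          # client sees success here
            return Packet(self.name, pkt.src, ACK)
        if self.state == "SYN_RECEIVED" and pkt.flags == ACK:
            self.state = "ESTABLISHED"          # third step: accept() completes
            self.accepted = True
        return None

def syn_only(pkt, seen):
    """Henry's rule: pass only segments with SYN set, whatever the flow state."""
    return bool(pkt.flags & SYN)

def stateful(pkt, seen):
    """Simplified flow-tracking filter (a model, not Linux conntrack): pass a SYN
    that opens a flow and anything that belongs to a flow already seen."""
    flow = frozenset((pkt.src, pkt.dst))
    if flow in seen or pkt.flags == SYN:
        seen.add(flow)
        return True
    return False

def handshake(inbound_filter):
    """Run a client->server handshake; the filter guards the server side only."""
    client, server, seen = Endpoint("client", "SYN_SENT"), Endpoint("server", "LISTEN"), set()
    pkt = Packet("client", "server", SYN)
    while pkt is not None:
        if pkt.dst == "server" and not inbound_filter(pkt, seen):
            break                               # dropped at the firewall
        pkt = (server if pkt.dst == "server" else client).receive(pkt)
    return client.state, server.state, server.accepted
```

With `syn_only` the client reaches ESTABLISHED while the server is stuck in SYN_RECEIVED and the daemon is never told about the connection; with the flow-tracking filter the final ACK is passed and the handshake completes.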