Hi,
Looking at this:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#SYNACKANDNEW
I understand that in order to prevent my IP address from being spoofed,
I should reject NEW packets with the SYN/ACK flags set and the others
cleared.
However, with the following nmap command I have tried to check it out:
nmap --scanflags SYNACK 192.168.0.1
all packets are known to be in the INVALID state rather than in the NEW
state.
state NEW tcp flags:FIN,SYN,RST,ACK/SYN,ACK -> 0 packet
state INVALID tcp flags:FIN,SYN,RST,ACK/SYN,ACK -> 170 packets
They talk about sequence number, as well, in the document, but I can't
figure out what difference it makes.
Did I miss anything?
--
Franck Joncourt
http://www.debian.org - http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
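Added illustration (not from the post, the tutorial or the kernel): a small model of how netfilter conntrack classifies the first packet of an unknown flow by its TCP flags, and what the tutorial's "--tcp-flags FIN,SYN,RST,ACK SYN,ACK -m state --state NEW" rule therefore sees. The classification is my reading of nf_conntrack's TCP tracking (SYN is NEW, a bare ACK is NEW only with nf_conntrack_tcp_loose enabled, SYN/ACK, FIN, RST are INVALID); the packet list is constructed to mirror the 170 SYN/ACK probes above.

```python
# Model of conntrack's first-packet TCP state and of iptables' --tcp-flags
# match. Assumption: this is my reading of nf_conntrack_proto_tcp, not the
# kernel's code, and the sample traffic below is constructed.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def conntrack_first_packet(flags, tcp_loose=True):
    """State conntrack assigns to a TCP packet that matches no tracked
    connection (the only way a packet can become NEW or INVALID here)."""
    if flags & RST:
        return "INVALID"           # a reset for a flow we never saw
    if flags & SYN and flags & ACK:
        return "INVALID"           # reply to a SYN we never tracked
    if flags & SYN:
        return "NEW"               # normal first packet of a connection
    if flags & FIN:
        return "INVALID"
    if flags & ACK:
        # mid-stream pickup: NEW only when nf_conntrack_tcp_loose=1
        return "NEW" if tcp_loose else "INVALID"
    return "INVALID"               # no flags at all

def tcp_flags_match(flags, mask, comp):
    """iptables --tcp-flags MASK COMP: look only at the MASK bits and
    require exactly COMP to be set among them (other bits are ignored)."""
    return (flags & mask) == comp

def synack_new_rule_hits(packets, tcp_loose=True):
    """Return how many packets the tutorial's rule would REJECT, and the
    NEW/INVALID counters for the SYN/ACK packets it inspects."""
    mask, comp = FIN | SYN | RST | ACK, SYN | ACK
    hits, by_state = 0, {"NEW": 0, "INVALID": 0}
    for flags in packets:
        if not tcp_flags_match(flags, mask, comp):
            continue               # --tcp-flags did not match; rule skipped
        state = conntrack_first_packet(flags, tcp_loose)
        by_state[state] += 1
        if state == "NEW":         # -m state --state NEW
            hits += 1
    return hits, by_state

if __name__ == "__main__":
    # Constructed: 170 unsolicited SYN/ACKs (what "nmap --scanflags SYNACK"
    # sends), three ordinary SYNs and one stray ACK.
    scan = [SYN | ACK] * 170 + [SYN] * 3 + [ACK]
    print(synack_new_rule_hits(scan))   # (0, {'NEW': 0, 'INVALID': 170})
```

Under this model an unsolicited SYN/ACK never reaches the NEW state, so the rule cannot fire on it; the counters in the post are what the model predicts.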