[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: packet filter fingerprinting(open but closed, closed but filtered)

To: misc@openbsd.org
Subject: Re: Fwd: packet filter fingerprinting(open but closed, closed but filtered)
From: Henning Brauer <lists-openbsd@bsws.de>
Date: Tue, 2 Apr 2002 01:25:16 +0200
Content-Disposition: inline
Mail-Followup-To: misc@openbsd.org
References: <5.1.0.14.2.20020401204908.00ac5848@mail.olografix.org>

On Mon, Apr 01, 2002 at 09:05:12PM +0200, Black Berry wrote:
> >recently playing with raw sockets and PF (OpenBSD 3.0) i noticed
> >that when you have return-rst rule for some tcp packet, ttl field
> >in ip header of rst packet, that is sent by PF, equals 128, while
> >default ttl for OpenBSD 3.0 is 64, so we can actually see what
> >tcp ports are blocked by pf and which are open, but closed(nothing
> >on them).

this behaviour has already been changed.

-- 
http://2suck.net/hhwl.html
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

References:
- Fwd: packet filter fingerprinting(open but closed, closed but filtered)
  - From: Black Berry <berry@sikurezza.org>

Prev by Date: Re: pf/bridge stops passing packets
Next by Date: Firewall Builder 1.0.1 with pf/ipf support
Prev by thread: Re: packet filter fingerprinting(open but closed, closed but filtered)
Next by thread: How to set up PPP server over PPPOE?
Index(es):
- Date
- Thread