fingerprinting / pf and return-rst
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: fingerprinting / pf and return-rst
- From: glaive_(_at_)_vaned_(_dot_)_net
- Date: Sun, 16 Jun 2002 12:06:37 -0500
- Mail-followup-to: tech_(_at_)_openbsd_(_dot_)_org
the reset packet returned by a "return-rst" rule in pf differs slightly
from a regular reset packet on a non-listening port (namely pf does
not set don't fragment)

is this behaviour known? i apologize if this has already been
brought up, i did not see it in the lists. the machine is
running -current from a couple weeks ago.

non-pf:

1.2.3.1.6787 > 1.2.3.5.49: S 3096013632:3096013632(0) win 16384
<mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 252827829 0> (DF)
[tos 0x10]
1.2.3.5.49 > 1.2.3.1.6787: R 0:0(0) ack 3096013633 win 0 (DF)

pf return-rst:

1.2.3.1.10814 > 1.2.3.5.50: S 3492113667:3492113667(0) win 16384
<mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 252827864 0> (DF)
[tos 0x10]
1.2.3.5.50 > 1.2.3.1.10814: R 0:0(0) ack 3492113668 win 0

regards
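
Added example, not part of the original message and not OpenBSD code: a small check an administrator could run over tcpdump text output to see whether the resets answering their own test SYNs carry the DF flag consistently across ports. The function names are hypothetical; the sample capture is the output quoted in the message with each wrapped packet joined onto one line.

```python
import re

# Capture text copied from the message above; wrapped packets joined per line.
CAPTURE = """\
1.2.3.1.6787 > 1.2.3.5.49: S 3096013632:3096013632(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 252827829 0> (DF) [tos 0x10]
1.2.3.5.49 > 1.2.3.1.6787: R 0:0(0) ack 3096013633 win 0 (DF)
1.2.3.1.10814 > 1.2.3.5.50: S 3492113667:3492113667(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 252827864 0> (DF) [tos 0x10]
1.2.3.5.50 > 1.2.3.1.10814: R 0:0(0) ack 3492113668 win 0
"""

# src > dst: flags seq:end(len) [ack N] ...  (old-style tcpdump TCP line)
PKT = re.compile(
    r"^(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRP.]+) "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

def parse(line):
    """Return a dict for one TCP line, or None if the line does not match."""
    m = PKT.match(line)
    if not m:
        return None
    pkt = m.groupdict()
    pkt["df"] = "(DF)" in line  # tcpdump prints (DF) when the IP DF bit is set
    return pkt

def rst_df_by_port(capture):
    """Map each answering 'addr.port' to the DF state of its RST reply."""
    syns = {}    # (src, dst) -> sequence number of the SYN sent
    result = {}
    for line in capture.splitlines():
        pkt = parse(line)
        if pkt is None:
            continue
        if "S" in pkt["flags"]:
            syns[(pkt["src"], pkt["dst"])] = int(pkt["seq"])
        elif "R" in pkt["flags"] and pkt["ack"]:
            sent = syns.get((pkt["dst"], pkt["src"]))
            # Only count a RST that acknowledges SYN seq + 1 as the reply.
            if sent is not None and int(pkt["ack"]) == sent + 1:
                result[pkt["src"]] = pkt["df"]
    return result

def inconsistent(capture):
    """True when the resets seen do not all agree on the DF flag."""
    return len(set(rst_df_by_port(capture).values())) > 1
```
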