[ale] iptables issue

Jerry Yu jjj863 at gmail.com
Tue Jul 18 20:20:41 EDT 2006


The need to block outbound FIN is as much a need as you want to have
egress filtering in place. For FIN itself, outbound FIN could be used in
volume as part of a DDoS attack to cripple a victim who responds to such a
FIN with a RST.

On 7/17/06, Jason Lunz <lunz at falooley.org> wrote:
>
> jimpop at yahoo.com said:
> I don't see why you'd need to block any outbound FIN. The purpose of the
> FIN packets is for one host to tell the other that it's closed the
> session. The FIN sender waits for the FIN packet to be ACKnowledged. If
> for whatever reason the other end doesn't ACK (maybe the other end
> crashed or went off the net), the FINs will be resent just in case
> until some timer expires. If this timer is longer than the timer the
> iptables code uses to decide whether to keep tracking the session, it
> will think the next FIN isn't part of any session (even though it is).
>
> It's harmless. I'd just ignore them.
>
> Jason
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
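As an added example, not part of either message above, the following egress-filter fragment shows how the two views in the thread fit together in an iptables ruleset: a FIN retransmitted after the connection tracker has dropped the session is classified INVALID, and it is dropped silently (logged at a bounded rate) rather than rejected, so the firewall never answers a stale segment with a RST. The chain name EGRESS, the LAN range 192.168.1.0/24, the log prefix and the IPT/LAN variables are assumptions made for this example; it relies only on the standard conntrack, tcp and limit matches.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): egress rules for the
# FORWARD path that treat late FIN retransmits as INVALID and drop them.
# Assumes iptables with the conntrack, tcp and limit matches. The chain
# name, LAN range and log prefix are constructed placeholders.

IPT="${IPT:-iptables}"        # set IPT=echo to print the rules instead of loading them
LAN="${LAN:-192.168.1.0/24}"  # hosts allowed to open new outbound sessions

# Build (or, with IPT=echo, print) the EGRESS chain and hook it into FORWARD.
build_egress_rules() {
    $IPT -N EGRESS 2>/dev/null
    $IPT -F EGRESS

    # 1. Segments that belong to a tracked session pass.
    $IPT -A EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. A bare FIN (no ACK) never occurs in a real session, since every
    #    post-handshake segment carries ACK; such packets are dropped.
    $IPT -A EGRESS -p tcp --tcp-flags ALL FIN -j DROP

    # 3. A FIN/ACK retransmitted after conntrack forgot the session is INVALID.
    #    Log it at a bounded rate and DROP it: REJECT would answer the stale
    #    segment with a RST, the very traffic the thread wants to avoid.
    $IPT -A EGRESS -m conntrack --ctstate INVALID -m limit --limit 5/min \
        -j LOG --log-prefix "EGRESS-INVALID: "
    $IPT -A EGRESS -m conntrack --ctstate INVALID -j DROP

    # 4. New outbound sessions are accepted only from the local network;
    #    everything else is dropped.
    $IPT -A EGRESS -s "$LAN" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A EGRESS -j DROP

    # Re-insert the jump so that re-running the script does not duplicate it.
    $IPT -D FORWARD -j EGRESS 2>/dev/null
    $IPT -I FORWARD -j EGRESS
}

# Run directly: load the rules (or preview them with IPT=echo ./egress.sh).
[ "${0##*/}" = "egress.sh" ] && build_egress_rules
```

Preview the generated rules with `IPT=echo sh egress.sh` before loading them. If the INVALID log line fires often for FIN/ACK segments, the mismatch described above between the host's FIN retransmit timer and the tracker's timeout can be narrowed by raising the conntrack FIN_WAIT timeout (on current kernels the sysctl is `net.netfilter.nf_conntrack_tcp_timeout_fin_wait`); dropping the stray segments remains harmless either way.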