[svlug] what about those tcp flags?

Rick Schultz bloodyvikings at sbcglobal.net
Thu Mar 13 10:09:40 PST 2003


On Thu, Mar 13, 2003 at 12:32:50PM -0500, George Georgalis wrote:
>  --tcp-flags SYN,FIN SYN,FIN -j DROP # syn/fin-scan
>  --tcp-flags SYN,ACK,FIN,RST RST # Stealth-Scan but might be normal too --limit 5/m
>  --tcp-flags ALL FIN,URG,PSH -j DROP # nmap-xmas scan 
>  --tcp-flags ALL FIN # fin-scan
>  --tcp-flags ALL NONE # null-scan

Isn't that what --state INVALID is for?  Or does that miss some of
these?

-rick
----------------------------------------------------------------------
 Rick                This space intentionally          bloodyvikings@    
 Schultz                   left blank                  sbcglobal.net



More information about the svlug mailing list