[svlug] what about those tcp flags?

Rick Schultz bloodyvikings at sbcglobal.net
Thu Mar 13 10:09:40 PST 2003

Previous message: [svlug] what about those tcp flags?
Next message: [svlug] Re: what about those tcp flags?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 13, 2003 at 12:32:50PM -0500, George Georgalis wrote:
>  --tcp-flags SYN,FIN SYN,FIN -j DROP # syn/fin-scan
>  --tcp-flags SYN,ACK,FIN,RST RST # Stealth-Scan but might be normal too --limit 5/m
>  --tcp-flags ALL FIN,URG,PSH -j DROP # nmap-xmas scan 
>  --tcp-flags ALL FIN # fin-scan
>  --tcp-flags ALL NONE # null-scan

Isn't that what --state INVALID is for?  Or does that miss some of
these?

-rick
----------------------------------------------------------------------
 Rick                This space intentionally          bloodyvikings@    
 Schultz                   left blank                  sbcglobal.net

Previous message: [svlug] what about those tcp flags?
Next message: [svlug] Re: what about those tcp flags?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the svlug mailing list