Firewall Wizards mailing list archives

Re: RST's and ACK's and stealth scans

From: darrenr () reed wattle id au
Date: Sun, 3 May 1998 16:07:59 +1000 (EST)

In some email I received from HSKarim, sie wrote:


2. Can I assume that when My firewall sends RST that the packet reveals
nothing more than the fact that the connection was refused,whether the ACK bit
is set or not?


That all depends on the various code paths through the kernel and how they
fill in or copy values into the TCP header.

3. If RST was sent and window size is 0 (ACK or no ACK) I conclude that my
firewall really does not want to talk... Is this a correct conclusion?

No.

Current thread:

RST's and ACK's and stealth scans HSKarim (May 02)
- Re: RST's and ACK's and stealth scans darrenr (May 03)
- <Possible follow-ups>
- Re: RST's and ACK's and stealth scans Steve Bellovin (May 02)
- Re: RST's and ACK's and stealth scans Vern Paxson (May 02)
- Re: RST's and ACK's and stealth scans HSKarim (May 04)
- RE: RST's and ACK's and stealth scans Franz, Matt (May 09)
- Re: RST's and ACK's and stealth scans HSKarim (May 09)