Firewall Wizards mailing list archives
Re: Iptables doesn't block SYN-FIN packets?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 31 Jan 2002 20:56:51 -0500 (EST)

Are you sure they are getting through? Is snort running in front of the fw? On the fw? Or on a system behind the fw and seeing the scans? Are your fw rules set to only allow connections outbound to work?

Thanks,

Ron DuFresne

On Thu, 31 Jan 2002, Ascent - Compton, Richard wrote:

Hello,

I'm running an iptables firewall and I thought that everything was well but my snort logs are recording SYN-FIN portscans getting through. I have two questions:

Is anyone here familiar with the problem of iptables not blocking SYN-FIN packets?

Nmap doesn't seem to do SYN-FIN scans. Is there a portscanner that you guys know about that I could use to test the effectiveness of my firewall?

Thanks,
Rich Compton

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!