Firewall Wizards mailing list archives
Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port
From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 12 Jan 2005 15:17:20 +0100
On Wed, Jan 12, 2005 at 02:52:59PM +0100, stephane nasdrovisky wrote:
> In general, an implementation must be conservative in its sending behavior, and liberal in its receiving behavior.

Are we still talking about firewalls? ;-)

Related reading:
http://lists.megacity.org/pipermail/rfci-discuss/2004-September/002758.html

IMO, ignoring the ACK flag in a SYN packet is against the TCP spec, not just "liberal" acceptance in the sense of "not object to technical errors where the meaning is still clear" (the same paragraph you are quoting). It also poses some security risks, anyway...

Martin Mačok
ICT Security Consultant
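The spec rule at issue in this thread, as an added example that is not part of the original post: RFC 793 section 3.9 (SEGMENT ARRIVES, state LISTEN) checks RST first, then ACK, then SYN, so a SYN+ACK arriving on a listening port calls for a RST, not a SYN+ACK. The function names, ports and sample headers below are constructed for illustration.

```python
import struct

# TCP control bits (RFC 793, section 3.1)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def build(flags, seq=1000, ack=0):
    """Constructed 20-byte TCP header for testing (ports/window are arbitrary)."""
    return struct.pack("!HHIIHHHH", 40000, 80, seq, ack, (5 << 12) | flags, 1024, 0, 0)

def parse_tcp(header):
    """Decode the fixed part of a TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", header[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F}

def listen_response(seg):
    """Reply RFC 793 requires from a socket in LISTEN, or None for 'send nothing'."""
    flags = seg["flags"]
    if flags & RST:                      # first check: an incoming RST is ignored
        return None
    if flags & ACK:                      # second check: any ACK is bad in LISTEN
        return {"flags": RST, "seq": seg["ack"]}       # <SEQ=SEG.ACK><CTL=RST>
    if flags & SYN:                      # third check: a clean SYN opens the handshake
        return {"flags": SYN | ACK, "ack": (seg["seq"] + 1) & 0xFFFFFFFF}
    return None                          # fourth: anything else is dropped

def conforms(probe_header, observed_flags):
    """True if the flags seen on the wire match the reply the spec requires.
    observed_flags is None when the device stayed silent."""
    expected = listen_response(parse_tcp(probe_header))
    expected_flags = expected["flags"] if expected else None
    return expected_flags == observed_flags

if __name__ == "__main__":
    probe = build(SYN | ACK, seq=1000, ack=5555)
    print("spec reply to SYN+ACK:", listen_response(parse_tcp(probe)))
    print("SYN+ACK reply conforms:", conforms(probe, SYN | ACK))
    print("RST reply conforms:", conforms(probe, RST))
```

Feeding it the probe header and the reply flags taken from a packet capture gives a quick conformance check for a device under test.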