Fri, May 30, 2014 at 10:58:14AM -0700, hiren panchasara wrote:
> > clearing FIN bit for SYN packets was
> > the standard behaviour of pf since approximately at least 10 years,
> >
> > http://svnweb.freebsd.org/base/vendor-sys/pf/dist/sys/contrib/pf/net/pf_norm.c?view=markup&pathrev=126258#l1242
>
> I am curious, what's the rationale for this behavior? Why does PF
> clear the FIN bit for such a packet being a firewall?
My understanding is that it is done to conceal the specific reaction of the host's TCP stack that pf's "scrub" rule protects from the outer world scanning.
--
Eygene Ryabinkin                                        ,,,^..^,,,
[ Life's unfair - but root password helps!           |    codelabs.ru ]
[ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB |    freebsd.org ]
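The normalization Eygene describes, as an added C example that is neither pf's own code nor anything posted in the thread: it takes a raw TCP header, clears FIN from a segment that carries both SYN and FIN as pf's scrub does, and patches the checksum incrementally so the rewritten segment is still valid. The 20-byte sample segment is constructed here, and for brevity the checksum covers only the TCP header rather than the IP pseudo-header and payload (an assumption; the update logic is the same either way).

```c
#include <stdint.h>
#include <string.h>
#define TH_FIN 0x01            /* TCP flag bits, as in <netinet/tcp.h> */
#define TH_SYN 0x02
#define TCP_FLAGS_OFF 13       /* offset of the flags byte in the TCP header */
#define TCP_CSUM_OFF  16       /* offset of the checksum field */

/* Fold a 32-bit running sum into a 16-bit one's-complement sum. */
static uint16_t fold16(uint32_t s) { while (s >> 16) s = (s & 0xffff) + (s >> 16); return (uint16_t)s; }

/* One's-complement sum of a buffer. Assumption for brevity: only the TCP header is
 * summed; a real stack also covers the IP pseudo-header and payload, same update logic. */
static uint16_t ones_sum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(p[i] << 8 | p[i + 1]);
    if (len & 1) sum += (uint32_t)p[len - 1] << 8;
    return fold16(sum);
}

/* A correctly checksummed segment sums to 0xffff when the checksum field is included. */
int tcp_checksum_ok(const uint8_t *tcp, size_t len) { return ones_sum(tcp, len) == 0xffff; }

/* Incremental checksum update when one 16-bit word changes (RFC 1624, equation 3). */
static uint16_t csum_update(uint16_t csum, uint16_t old_word, uint16_t new_word) {
    uint32_t sum = (uint32_t)(uint16_t)~csum + (uint16_t)~old_word + new_word;
    return (uint16_t)~fold16(sum);
}

/* The scrub behaviour from the thread: a SYN that also carries FIN has its FIN cleared,
 * and the checksum is patched so the segment stays valid. Returns 1 if rewritten. */
int scrub_syn_fin(uint8_t *tcp, size_t len) {
    if (len < 20) return 0;                          /* too short to be a TCP header */
    uint8_t flags = tcp[TCP_FLAGS_OFF];
    if ((flags & (TH_SYN | TH_FIN)) != (TH_SYN | TH_FIN)) return 0;
    uint16_t old_word = (uint16_t)(tcp[12] << 8 | tcp[13]);   /* data offset + flags word */
    uint16_t new_word = (uint16_t)(tcp[12] << 8 | (flags & ~TH_FIN));
    uint16_t csum = (uint16_t)(tcp[TCP_CSUM_OFF] << 8 | tcp[TCP_CSUM_OFF + 1]);
    csum = csum_update(csum, old_word, new_word);
    tcp[TCP_FLAGS_OFF] = flags & ~TH_FIN;
    tcp[TCP_CSUM_OFF] = csum >> 8;
    tcp[TCP_CSUM_OFF + 1] = csum & 0xff;
    return 1;
}

/* Constructed sample (not a captured packet): 20-byte SYN|FIN from port 12345 to 80. */
void build_sample_syn_fin(uint8_t h[20]) {
    static const uint8_t tpl[20] = { 0x30,0x39, 0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x03, 0xff,0xff, 0,0, 0,0 };
    memcpy(h, tpl, 20);
    uint16_t c = (uint16_t)~ones_sum(h, 20);          /* checksum field is still zero here */
    h[TCP_CSUM_OFF] = c >> 8; h[TCP_CSUM_OFF + 1] = c & 0xff;
}
```

Running `scrub_syn_fin` over the sample leaves a plain SYN whose checksum still verifies, which is what lets the firewall hide how the host behind it would have answered the malformed probe.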
