In article <[EMAIL PROTECTED]>,
Maciej Soltysiak <[EMAIL PROTECTED]> wrote:
>> What is the iptables syntax I should use to detect inbound
>> TCP packets with the ACK flag set, but there is no connection
>> established, i.e. sender is looking for a return RST to see if a port
>> is open or closed?
>
>try:
>iptables -A INPUT -p tcp --tcp-flags ALL ACK -m state --state NEW -j LOG --log-prefix "ACK: "
>
>This will log packets that have only the ACK flag set and are not part
>of established connections.

Aren't such packets INVALID (or both NEW and INVALID)?

-- 
Zygo Blaxell (Laptop) <[EMAIL PROTECTED]>
GPG = D13D 6651 F446 9787 600B AD1E CCF3 6F93 2823 44AD
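
Added example, not part of the original posts: a Python parser for the kernel log lines that a LOG rule with the "ACK: " prefix quoted above would write, grouping hits by source address to surface hosts probing several ports. The log lines (abbreviated, documentation addresses), the function names and the min_ports threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, abbreviated netfilter LOG lines (MAC and some fields omitted).
SAMPLE_LOG = """\
Jan  5 10:01:02 fw kernel: ACK: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 ACK URGP=0
Jan  5 10:01:02 fw kernel: ACK: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 RES=0x00 ACK URGP=0
Jan  5 10:01:03 fw kernel: ACK: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=40002 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0
Jan  5 10:01:03 fw kernel: ACK: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=40003 DPT=443 WINDOW=1024 RES=0x00 ACK URGP=0
Jan  5 10:01:04 fw kernel: ACK: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=40004 DPT=22 WINDOW=1024 RES=0x00 ACK URGP=0
Jan  5 10:02:11 fw kernel: ACK: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TTL=60 PROTO=TCP SPT=51000 DPT=80 WINDOW=512 RES=0x00 ACK URGP=0
Jan  5 10:02:30 fw kernel: DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40005 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 10:02:31 fw sshd[812]: Accepted publickey for admin from 192.0.2.50 port 50222
"""

# Match only kernel lines carrying the rule's log prefix; ".*?" tolerates
# an optional "[uptime]" stamp between "kernel: " and the prefix.
LINE_RE = re.compile(r"kernel: .*?ACK: (IN=.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")
FLAG_NAMES = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_line(line):
    """Return (src, dport) for a prefixed TCP line whose only flag is ACK."""
    m = LINE_RE.search(line)
    if not m:
        return None
    body = m.group(1)
    fields = dict(FIELD_RE.findall(body))
    # TCP flags are logged as bare tokens (no "=") after RES=...
    flags = {tok for tok in body.split() if tok in FLAG_NAMES}
    if fields.get("PROTO") != "TCP" or flags != {"ACK"}:
        return None
    return fields["SRC"], int(fields["DPT"])


def ack_probe_sources(log_text, min_ports=3):
    """Map each source to its distinct probed ports, if it hit >= min_ports."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit:
            ports[hit[0]].add(hit[1])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, dports in ack_probe_sources(SAMPLE_LOG).items():
        print(f"{src} sent unsolicited ACKs to ports {dports}")
```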
