> > Also, is flags S/SAFPRU better than flags S/SA?
> >
> > I don't buy that.
> S/SAFR perhaps.
> I think the advantage of filtering on flags is overestimated.

I used to use S/SA without much of a thought to it and nmap -O happily said I was running OpenBSD with scrub in all. Upon changing my rule to a S/SAFPRU you can nmap -O till you are blue in the face and nmap is clueless. I think that's a decent advantage. If you are just writing a rule for inbound connections, i.e. a webserver, and you keep state, then S/SAFPRU will make detection of the OS difficult if not impossible (assuming you block all other ports that aren't open.) It all falls upon how paranoid you are, I suppose.
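
How pf evaluates the three masks discussed in this thread, as an added example that is not part of the original post or of pf itself: a rule with `flags a/b` matches a TCP packet only when, of the flags listed in b, exactly those in a are set. The packet list is constructed sample data, and the helper names (`to_bits`, `parse_spec`, `matches`, `compare`) are hypothetical.

```python
# Added example: models pf's "flags <set>/<mask>" test on TCP header flags.
# pf.conf flag letters: F=FIN S=SYN R=RST P=PUSH A=ACK U=URG E=ECE W=CWR
BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
        "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

def to_bits(letters):
    """Turn a string of flag letters into a TCP flags byte."""
    value = 0
    for ch in letters:
        if ch not in BITS:
            raise ValueError("unknown TCP flag letter: %r" % ch)
        value |= BITS[ch]
    return value

def parse_spec(spec):
    """'S/SA' -> (set_bits, mask_bits). The set must lie inside the mask."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError("expected <set>/<mask>, got %r" % spec)
    set_bits, mask_bits = to_bits(want), to_bits(mask)
    if set_bits & ~mask_bits:
        raise ValueError("flags in the set are missing from the mask: %r" % spec)
    return set_bits, mask_bits

def matches(spec, packet_flags):
    """True if a packet carrying packet_flags matches 'flags <spec>'."""
    set_bits, mask_bits = parse_spec(spec)
    return (to_bits(packet_flags) & mask_bits) == set_bits

# Constructed sample packets: a normal connection attempt plus odd flag
# combinations of the kind OS-fingerprinting probes rely on.
SAMPLES = {
    "plain SYN": "S",
    "SYN+ECE+CWR": "SEW",
    "no flags": "",
    "SYN+FIN+PSH+URG": "SFPU",
    "SYN+PSH": "SP",
    "ACK only": "A",
}

def compare(specs=("S/SA", "S/SAFR", "S/SAFPRU")):
    """Map each sample packet to {spec: matched?} for side-by-side review."""
    return {name: {spec: matches(spec, flags) for spec in specs}
            for name, flags in SAMPLES.items()}

if __name__ == "__main__":
    for name, row in compare().items():
        print("%-16s" % name, "  ".join("%s=%s" % kv for kv in row.items()))
```

On a `pass in ... keep state` rule, a packet that fails the flags test does not match that rule, so it cannot create state through it and falls to whatever other rule applies, such as a default block.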
