Thanks to everyone for an excellent discussion of TCP flags! I'm going to have to re-read all those TCP chapters in Stevens' book.
I used to think I was a knowledgeable networking person until I started listening to you guys. Maybe if I lurk enough I'll get there...

Jim

-----Original Message-----
From: Henning Brauer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 11, 2002 8:02 AM
To: [EMAIL PROTECTED]
Subject: Re: TCP Flags question

On Tue, Dec 10, 2002 at 10:27:02PM -0600, James Nobis wrote:
> I used to use S/SA without much of a thought to it and nmap -O happily said I was
> running OpenBSD with scrub in all. Upon changing my rule to a S/SAFPRU you can
> nmap -O till you are blue in the face and nmap is clueless. I think that's a
> decent advantage. If you are just writing a rule for inbound connections, i.e. a
> webserver, and you keep state then S/SAFPRU will make detection of the OS
> difficult if not impossible (assuming you block all other ports that aren't
> open.) It all falls upon how paranoid you are I suppose.

oh wow, a real advantage. if someone wants to know I'm running OpenBSD he just
needs to read our website.

--
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]

Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
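The difference between the two flag specifications discussed in this thread, as an added example that is not code from any of the posters: it models pf's `flags a/b` test (of the flags listed in b, exactly those in a must be set) and runs constructed flag combinations through both rules. The function names and the sample packets are assumptions made for illustration.

```python
# TCP header flag bits, keyed by the single letters pf uses in "flags a/b".
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

def parse_flags(letters):
    """Turn a letter string such as 'SAFPRU' into a bitmask."""
    bits = 0
    for ch in letters.upper():
        if ch not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= FLAG_BITS[ch]
    return bits

def parse_spec(spec):
    """Parse 'a/b' into (flags that must be set, flags that are examined)."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError(f"expected 'a/b', got {spec!r}")
    want_bits, mask_bits = parse_flags(want), parse_flags(mask)
    if want_bits & ~mask_bits:
        raise ValueError(f"{spec!r}: a flag in 'a' is missing from 'b'")
    return want_bits, mask_bits

def matches(spec, packet_flags):
    """True if a packet carrying packet_flags satisfies the a/b spec."""
    want_bits, mask_bits = parse_spec(spec)
    return (parse_flags(packet_flags) & mask_bits) == want_bits

def only_loose(packets, loose="S/SA", strict="S/SAFPRU"):
    """Flag combinations the loose rule passes but the strict rule does not."""
    return [p for p in packets if matches(loose, p) and not matches(strict, p)]

# Constructed samples: a normal SYN plus unusual combinations of the kind
# an OS-fingerprinting scan may send to an open port.
SAMPLES = ["S", "SF", "SFPU", "SEW", "SA", "A", ""]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(f"{pkt or '(none)':7} S/SA={matches('S/SA', pkt)!s:5} "
              f"S/SAFPRU={matches('S/SAFPRU', pkt)}")
    print("passed only by S/SA:", only_loose(SAMPLES))
```

ECE and CWR (`E`, `W`) are in neither mask, so a SYN carrying them still matches both rules.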
