Hello Henning, Tuesday, July 22, 2003, 8:08:55 PM, you wrote:
Henning> On Tue, Jul 22, 2003 at 07:27:07PM -0300, Alejandro G. Belluscio wrote:
>> effective to block attacks. I don't think he refers to stateful
>> filtering.
Henning> Oh no! stateful filtering is a Good Thing (tm)
>> Which are very related
Henning> not really.

I concur, but at least in my mind it's easier to picture TCP states as starting with a SYN/SYN+ACK/ACK.

If I understand correctly, if I use keep state, after the first SYN, it will go directly to the state table and so it won't go through the rules. If it wasn't a SYN I won't make a state because nothing should answer. So either way it doesn't matter because the state checking code is doing all this work, right? The only reason would be to stop certain scanning techniques (which is like trying security through obscurity, Not A Good Thing) or really brain damaged TCP stacks. So it's not really a best practice.

I just wonder if some hash attack could be used against the state matching code without flags, like the recent DNS attack. http://www.cs.rice.edu/~scrosby/hash/

--
Best regards,
Alejandro Belluscio
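A pf.conf fragment, added here as an illustration and not part of the original thread, contrasting a TCP pass rule that keeps state without any flag match against the "flags S/SA keep state" form under discussion. The interface name, server address and macro names are placeholders.

```pf
# Added example, not from the thread. $ext_if and $webserver are placeholder macros.
ext_if = "fxp0"
webserver = "192.0.2.10"

# Without a flags match, the first packet that matches this rule creates a
# state entry, whether or not it is the SYN that opens the connection
# (the pf behaviour of the time; later releases changed the default).
pass in on $ext_if proto tcp from any to $webserver port 80 keep state

# Match only packets with SYN set and ACK clear (out of the SYN and ACK
# bits), so a state is created only by a genuine connection opening;
# any other TCP packet must already belong to an existing state.
pass in on $ext_if proto tcp from any to $webserver port 80 flags S/SA keep state
```

Since OpenBSD 4.1, "flags S/SA" and "keep state" are applied by default to TCP pass rules, so on a current system the two rules above behave the same; the explicit form still documents the intent and matters when reading configurations from the era of this thread.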
