James Cammarata wrote:
> The one thing that stuck out to me was this (from their report): "remote
> host does not discard TCP SYN packets that also have the FIN flag
> set." This note appeared for every visible server they probed. Now, I

scrub removes ambiguities, in this case the FIN flag. The servers they probed never saw the SYN,FIN packets, but since those packets didn't get dropped either, you/they got this false positive. To confirm the scrubbing (just to be sure), you could run a tcpdump behind the firewall and try to get SF packets through it.

Moritz
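
The check suggested in the reply above, as an added example that is not part of the original message: it parses raw IPv4 packets from a capture taken behind the firewall and reports any that still carry both SYN and FIN. The sample packets, addresses and function names are constructed for illustration, and the "scrubbed" capture assumes FIN is cleared as the reply describes.

```python
import struct

SYN, FIN = 0x02, 0x01

def tcp_flags(pkt: bytes):
    """Return the TCP flags byte of a raw IPv4 packet, or None if it is not parseable TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # IP header length; options shift the TCP header
    if ihl < 20 or pkt[9] != 6:            # protocol 6 = TCP
        return None
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return None                        # non-first fragment carries no TCP header
    if len(pkt) < ihl + 14:
        return None                        # truncated before the flags byte
    return pkt[ihl + 13]

def is_syn_fin(pkt: bytes) -> bool:
    """Same test as: tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) == (tcp-syn|tcp-fin)'"""
    flags = tcp_flags(pkt)
    return flags is not None and (flags & (SYN | FIN)) == (SYN | FIN)

def surviving_syn_fin(capture):
    """Indexes of packets in a capture that still carry both SYN and FIN."""
    return [i for i, pkt in enumerate(capture) if is_syn_fin(pkt)]

def build(flags, ip_option_words=0, proto=6):
    """Construct a sample IPv4 packet (documentation addresses, checksums left at zero)."""
    ihl = 5 + ip_option_words
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + b"\x00" * 4 * ip_option_words + tcp

# Constructed captures, as if taken on the server side of the firewall.
NOT_SCRUBBED = [build(0x02), build(0x03), build(0x03, ip_option_words=1),
                build(0x11), build(0x03, proto=17), build(0x03)[:30]]
SCRUBBED = [build(0x02), build(0x02), build(0x02, ip_option_words=1), build(0x11)]

if __name__ == "__main__":
    print("SYN+FIN behind firewall, scrub off:", surviving_syn_fin(NOT_SCRUBBED))
    print("SYN+FIN behind firewall, scrub on: ", surviving_syn_fin(SCRUBBED))
```

An empty result for the capture behind the firewall is what confirms the scrubbing; any index listed means an SF packet reached the server side unchanged.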
