I have been doing some attack attempts on my fws and they all seem to not discard TCP SYN packets which have the FIN flag set. Is there a way to configure shorewall to dicard these packages? Should I worry? Best Regards, Kenneth.
> I have been doing some attack attempts on my fws and they all seem to > not discard TCP SYN packets which have the FIN flag set. > Is there a way to configure shorewall to dicard these packages? > >If you set the ''tcpflags'' option on the interface you are testing to, SYN,FIN should be dropped. Are you saying that you don''t think this is happening? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline \ shorewall.net Washington, USA \ teastep@shorewall.net