On Monday 26 January 2004 01:50 am, luca wrote:
> hi to all!!
> i have this problem...
> I tried to scan my firewall shorewall with NESSUS and i have this
> message...
>
>
> "The remote host does not discard TCP SYN packets which
> have the FIN flag set.
>
> Depending on the kind of firewall you are using, an
> attacker may use this flaw to bypass its rules.
> See also :
> http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
> http://www.kb.cert.org/vuls/id/464113
>
> Solution : Contact your vendor for a patch
> Risk factor : Medium
> BID : 7487"
>
> could you tell me where the problem is and how i could solve it?
> thanks to all..
You need to set the 'tcpflags' option on your
firewall's external interface in
/etc/shorewall/interfaces:
You could have gotten this answer much faster by:
a) Going to the Shorewall web site.
b) Typing "FIN" in the search form at the top of the page.
c) Clicking on "Search"
d) Reading the first returned result...
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
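
Added example (not part of the original message and not Shorewall's own code): a small Python check that lists the interfaces in an /etc/shorewall/interfaces file that lack the tcpflags option named in the reply. It assumes the four-column ZONE INTERFACE BROADCAST OPTIONS layout; the sample entries and the function names are constructed for illustration.

```python
# Audit a Shorewall interfaces file for entries that lack "tcpflags".
# Assumption: classic four-column layout (ZONE INTERFACE BROADCAST OPTIONS).

# Constructed sample, not taken from the thread.
SAMPLE = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,norfc1918
loc     eth1        detect
dmz     eth2        detect      routefilter
-       ppp0        -           tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""


def parse_interfaces(text):
    """Return {interface: set(options)} for every non-comment entry."""
    entries = {}
    for raw in text.splitlines():
        # Everything after '#' is a comment; blank lines are skipped.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # no interface column, nothing to audit
        # OPTIONS is the fourth column; it may be absent or given as "-".
        options = fields[3] if len(fields) > 3 else "-"
        entries[fields[1]] = set() if options == "-" else set(options.split(","))
    return entries


def missing_tcpflags(text):
    """Return the sorted interface names whose options omit tcpflags."""
    parsed = parse_interfaces(text)
    return sorted(name for name, opts in parsed.items() if "tcpflags" not in opts)


if __name__ == "__main__":
    for iface in missing_tcpflags(SAMPLE):
        print(f"{iface}: tcpflags not set")
```

To audit a real firewall, pass the contents of /etc/shorewall/interfaces to missing_tcpflags() in place of SAMPLE.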