Firewall to block packets with RESET flag

  1. #1
    Junior Member
    Join Date
    Dec 2003
    Posts
    8

    Firewall to block packets with RESET flag

    Hello,

    I am looking for a firewall or similar piece of software, preferably free, that will allow me to drop packets if they have the RESET flag set, and make other powerful rules like that.

    It could run on either Linux or Windows.

    Thanks for the help!

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Just about any stateful packet filter should be able to do this, but you want to be careful. I have seen a bunch of broken firewalls where folks are dropping RST & FIN. Sure, many sophisticated scans use these to attempt to figure out what the remote host is based on the response, but they are in TCP for a reason and you'll get some damned weird results if external hosts can't get a FIN through to your network (such as when a download finishes and the remote end sends FIN to let the client know the transfer is complete).

    A better approach is to drop any initial packets with anything other than just SYN set if establishing an inbound connection to a service on your network, or anything other than SYN/ACK set in response to one of your clients' requests to establish a connection. Anything else (URG, PSH, FIN) seen in the initial packets from a remote host should be treated with extreme suspicion, or dropped.

    Whew!

    Happy Holidays

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/

  4. #4
    Junior Member
    Join Date
    Dec 2003
    Posts
    8
    Thanks for your reply, spurious_inode, but I wasn't going to block all packets like that, just from a certain host that I am doing some experimenting with. With permission, of course!

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    Netfilter/iptables, which is the default built-in Linux firewall, is able to do so.

    You should try a rule like:
    # iptables -A INPUT -p tcp -s your-target-ip --tcp-flags RST RST -j DROP
    Life is boring. Play NetHack... --more--
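    The following is an added example, not code posted in this thread: a small shell script that turns post #5's per-host RST drop and post #3's "only a bare SYN may open an inbound connection" advice into a reviewable iptables rule list. It assumes Linux iptables with the conntrack match, uses 192.0.2.10 as a constructed placeholder for the host being experimented with, and only prints the rules unless run with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: Linux iptables with the
# conntrack match; 192.0.2.10 is a constructed placeholder for the host you are
# experimenting with (override with EXPERIMENT_HOST). Rules are printed for
# review by default and only loaded when APPLY=1 (which needs root).

experiment_host="${EXPERIMENT_HOST:-192.0.2.10}"   # constructed placeholder

# Post #5's rule, corrected: --tcp-flags takes a mask and then the flags that
# must be set within that mask, so "RST RST" means "look only at RST, require
# it set". No state match: conntrack classifies a RST that fits no tracked
# connection as INVALID, never NEW, so a "--state NEW" rule would not fire.
rst_drop_rule() {
    printf 'iptables -A INPUT -p tcp -s %s --tcp-flags RST RST -j DROP\n' "$1"
}

# Stateful baseline so FIN/RST that belong to real connections still pass
# (the breakage post #3 warns about), while packets that fit no tracked
# connection are dropped as INVALID.
stateful_rules() {
    printf 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    printf 'iptables -A INPUT -m conntrack --ctstate INVALID -j DROP\n'
}

# Post #3's advice for inbound connections: a packet creating a NEW conntrack
# entry must be a plain SYN. "--syn" is shorthand for
# "--tcp-flags SYN,RST,ACK,FIN SYN", so "! --syn" catches ACK/FIN/RST-only
# probes while still allowing the ECN bits (ECE/CWR) a legitimate SYN may set.
new_not_syn_drop_rule() {
    printf 'iptables -A INPUT -p tcp -m conntrack --ctstate NEW ! --syn -j DROP\n'
}

# Full list in evaluation order. The per-host RST drop comes first so it also
# catches a RST inside an already established connection with that host.
ruleset() {
    rst_drop_rule "$1"
    stateful_rules
    new_not_syn_drop_rule
}

ruleset_line_count() {
    ruleset "$1" | wc -l | tr -d ' '
}

if [ "${APPLY:-0}" = "1" ]; then
    ruleset "$experiment_host" | sh -e      # load into the live firewall (root)
else
    ruleset "$experiment_host"              # dry run: print only
fi
```

Review the printed rules first; load them with `APPLY=1 EXPERIMENT_HOST=<host> sh rules.sh` only on a box where you can reach the console if a rule locks you out.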
