[clug] Blocking wierd packets...
kim.holburn at anu.edu.au
Wed Aug 4 06:20:12 GMT 2004
Yeah, I have rule that does that.
$IPTABLES -A FORWARD -m state --state INVALID -j DROP
probably a good idea.
On 2004 Aug 4, , at 1:12 PM, Martijn van Oosterhout wrote:
> My firewall is dropping whacky packets looking like:
> ip_conntrack_tcp: INVALID: Out of window data; SEQ is over the upper
> bound (over the window of the receiver)
> ip_conntrack_tcp: INVALID: invalid TCP flag combination
> ip_conntrack_tcp: INVALID: bad TCP checksum
> Should I worry about this? Seems to me dropping them is a pretty safe
> thing to do in any case... Maybe the latest virus?
> Martijn van Oosterhout <kleptog at svana.org>
>> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is
>> tool for doing 5% of the work and then sitting around waiting for
>> else to do the other 95% so you can sue them.
> linux mailing list
> linux at lists.samba.org
IT Manager, Canberra Research Laboratory
National Information and Communication Technology Australia
Ph: +61 2 61258620 M: +61 417820641
Email: kim.holburn at anu.edu.au - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/index.php?id=16 ->
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
More information about the linux