| /freebsd/contrib/netbsd-tests/ipf/input/ |
| H A D | f13 | 2 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,FO=0 SYN
17 # 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN
27 # 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 SYN
76 # 2.1.1.1,25 -> 1.1.1.1,1014 TTL=63 TCP DF SYN-ACK
|
| H A D | f17 | 1 # TCP 1.1.1.1,54076 -> 2.2.2.2,27 SYN
15 # TCP 1.1.1.1,54076 -> 2.2.2.2,27 SYN
22 # TCP 2.2.2.2,27 -> 1.1.1.1,54076 SYN-ACK
|
| H A D | ni19 | 1 # 192.168.113.3.1009 > 10.1.1.4.shell: SYN win 32768 <mss 1460,nop,wscale 0,sackOK,nop,nop,nop,nop,…
8 # 10.1.1.4.shell > 10.1.1.1.1009: SYN win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
33 # 10.1.1.4.1023 > 10.1.1.1.1008: SYN win 5840 <mss 1460,sackOK,timestamp 3791140 0,nop,wscale 2>
40 # 192.168.113.3.1008 > 10.1.1.4.1023: SYN win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 3791…
|
| H A D | ni20 | 1 # 192.168.113.3.1009 > 10.1.1.4.shell: SYN win 32768 <mss 1460,nop,wscale 0,sackOK,nop,nop,nop,nop,…
8 # 192.168.113.4.shell > 192.168.113.3.1009: SYN win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
33 # 192.168.113.4.1023 > 192.168.113.3.1008: SYN win 5840 <mss 1460,sackOK,timestamp 3791140 0,nop,ws…
40 # 192.168.113.3.1008 > 10.1.1.4.1023: SYN win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 3791…
|
| H A D | ni5 | 1 # 32818,21 SYN
7 # 21,32818 SYN+ACK
188 # 20,32819 SYN
194 # 32819,20 SYN+ACK
256 # 20,32820 2nd connection SYN
262 # 32820,20 SYN+ACK
|
| H A D | n10_6 | 1 # TCP SYN packet with an MSS option
|
| H A D | n10 | 1 # TCP SYN packet with an MSS option
|
| H A D | f12 | 1 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF SYN
|
| H A D | l1 | 1 # 1.1.1.1,1025 -> 2.2.2.2,25 TTL=63 TCP DF SYN
|
| /freebsd/share/examples/ipfilter/rules/ |
| H A D | example.6 | 2 # block all TCP packets with only the SYN flag set (this is the first
3 # packet sent to establish a connection) out of the SYN-ACK pair.
|
| H A D | example.sr | 13 # log all inbound TCP packets with the SYN flag (only) set
14 # (NOTE: if it were an inbound TCP packet with the SYN flag set and it
50 # block any inbound TCP packets with only the SYN flag set that are
|
| /freebsd/share/examples/ipfilter/ |
| H A D | example.14 | 13 # log all inbound TCP packets with the SYN flag (only) set
14 # (NOTE: if it were an inbound TCP packet with the SYN flag set and it
50 # block any inbound TCP packets with only the SYN flag set that are
|
| H A D | rules.txt | 94 # block all TCP packets with only the SYN flag set (this is the first
113 # log all inbound TCP packets with the SYN flag (only) set
114 # (NOTE: if it were an inbound TCP packet with the SYN flag set and it
150 # block any inbound TCP packets with only the SYN flag set that are
|
| H A D | examples.txt | 257 A more useful flag to filter on, for TCP connections, I find, is the SYN
270 If you wanted to block the replies to this (the SYN-ACK's), then you might
275 where SA represents the SYN-ACK flags both being set.
278 the TCP flags you are interested in checking. When using the SYN bit in a
280 defeated by a packet with SYN and URG flags, for example, set (to Unix, this
281 is the same as a plain SYN).
409 have the SYN flag set. If an entry is created with the SYN flag set, any
410 subsequent matching packet which doesn't have this flag set (ie a SYN-ACK)
|
| H A D | ipf-howto.txt | 1026 cumvented. Once the first SYN packet hits the ssh server,
1088 the original SYN packet destined to port 23, it only saw the
1089 SYN ACK. IPF is very good about following TCP sessions from
1215 that it's not just SYN packets that're allowed to go to port
1225 with a lone SYN flag will be allowed in and entered into the
1226 state table. A lone SYN flag is only present as the very
1231 scans will fail since they set flags other than the SYN
1240 matches against only the SYN packet out of all six
1272 rules are reached. The only scan this won't detect is a SYN
1274 even want to log all initial SYN packets.
[all …]
|
| /freebsd/contrib/ntp/include/ |
| H A D | ascii.h | 63 #define SYN 22 macro
|
| /freebsd/usr.sbin/kbdcontrol/ |
| H A D | lex.l | 101 SYN|syn { number = 22; return TNUM; }
|
| /freebsd/sbin/pfctl/ |
| H A D | pf.os | 5 # SYN signatures. Those signatures work for SYN packets only (duh!).
93 # zero in the initial SYN. This case is detected and handled appropriately.
119 # ss - overall SYN packet size
152 # capture of the relevant SYN packet(s)
169 # at SYN+ACK - does it look similar?
|
| /freebsd/share/examples/etc/ |
| H A D | README.examples | 43 pf.os - SYN fingerprint database
|
| /freebsd/contrib/tcpdump/ |
| H A D | CHANGES | 1847 options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN
|
| /freebsd/contrib/ncurses/misc/ |
| H A D | terminfo.src | 24533 # SYN Synchronous Idle * ^F - - -
|