> > suggested blocking ECN. Article at:
> >
> > http://www.securityfocus.com/frames/?focus=ids&content=/focus/ids/articles/portscan.html
> >
> > the site is now ATM -- can someone briefly explain the logic in
> > blocking it?
>
> It is Queso they quoted not nmap, sorry -- same thing.
> The idea is to "detect" port scanners.
> Queso sets the two TCP reserved bits in the SYN (now allocated for ECN).
> Some OSes reflect that back in the SYN-ACK (Linux < 2.0.2? for example
> was such a culprit).
Does not that mean that Linux 2.0.10 mistakenly announces it is ECN
capable when offered ECN connection?
Pavel
-- I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care." Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/