Simon Smith wrote:
> Kelly,
> SYN packets and ports do not correlate. And yes, SYN is TCP. You should
> read up on TCP/IP etc so that you understand protocols before posting to
> mailing lists.
Maybe then you could explain how it works :-) From what I understand,
the RFC doesn't really specify how source ports should be generated for
new TCP sessions (Please someone correct me if I'm wrong, I am not
intimately familiar with that particular set of RFCs).
On my linux system I have currently have access to, the numbers I am
getting seem pretty random (59101, 49607, 40343, 54786, 38335, ...)
while the windows xp machine I am on seems to be rather sequential
(12050, 12065, 10293, ...).
Also, google claims that source ports have been used to identify worms
etc where the source ports have been hard coded into the packet engine.
Hopefully someone more familiar with the field responds :-)
- DEAN
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Nov 13 2007
Intro
