Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Crafted SYN Packets...
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 13 Nov 2007 16:46:41 -0600

--On Tuesday, November 13, 2007 17:38:39 -0500 Simon Smith 
<simon () snosoft com> wrote:

      SYN packets and ports do not correlate.

Huh?  You'd better explain what you mean here a little further.

And yes, SYN is TCP.

You mean SYN is TCP *only*, not UDP.

You should
read up on TCP/IP etc so that you understand protocols before posting to
mailing lists.

Kelly Robinson wrote:
Looking at some suspicious behaviour in our logs...

If someone sends a packet with the SYN bit set to a host, typically what
is the client's source port? Or is that crafted too?

It can be but doesn't have to be.

Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]