Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Crafted SYN Packets...
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 13 Nov 2007 16:46:41 -0600

--On Tuesday, November 13, 2007 17:38:39 -0500 Simon Smith 
<simon () snosoft com> wrote:

Kelly,
      SYN packets and ports do not correlate.

Huh?  You'd better explain what you mean here a little further.

And yes, SYN is TCP.

You mean SYN is TCP *only*, not UDP.

You should
read up on TCP/IP etc so that you understand protocols before posting to
mailing lists.

Kelly Robinson wrote:
Looking at some suspicious behaviour in our logs...

If someone sends a packet with the SYN bit set to a host, typically what
is the client's source port? Or is that crafted too?

It can be but doesn't have to be.

-- 
Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]