|
Full Disclosure
mailing list archives
Re: SYN ACK scans to random ports
From: Crist Clark <cjclark () alum mit edu>
Date: Tue, 24 Sep 2013 21:29:24 -0700
Backscatter. Someone may be sending out spoofed SYNs. The target sends
SYN-ACKs to the spoofed source, you. What's the source port? A well known
service? Do the source addresses really have reachable services on those
ports?
On Sep 24, 2013 7:25 AM, <silence_is_best () hushmail com> wrote:
Can someone explain the point of a SYN ACK scan to random high ports? I
usually see a fair amount of these...at first I thought it was maybe a
block to an initiating SYN packet, but I don't see any evidence that the
SYN ACK isn't the first packet seen. Danke.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
