Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: SYN ACK scans to random ports
From: Crist Clark <cjclark () alum mit edu>
Date: Tue, 24 Sep 2013 21:29:24 -0700

Backscatter. Someone may be sending out spoofed SYNs. The target sends
SYN-ACKs to the spoofed source, you. What's the source port? A well known
service? Do the source addresses really have reachable services on those
ports?
On Sep 24, 2013 7:25 AM, <silence_is_best () hushmail com> wrote:

Can someone explain the point of a SYN ACK scan to random high ports?  I
usually see a fair amount of these...at first I thought it was maybe a
block to an initiating SYN packet, but I don't see any evidence that the
SYN ACK isn't the first packet seen.  Danke.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]