Bugtraq mailing list archives
Re: TCP SYN probe detection tool available
From: avalon () coombs anu edu au (Darren Reed)
Date: Mon, 27 May 1996 15:14:30 +1000
In some mail from Brian Mitchell, sie said:
> On Thu, 16 May 1996, Henri Karrenbeld wrote:
> > I am afraid I do not read other security lists besides this one (I glance at Linux-alert and Linux-security occasionally when linux.dev.* mentions something) And of course stuff like cert-advisory, but in none of these have I seen what actually can be done with SYN packets... Could someone explain this?
>
> Services can be probed for. Let's take 2 short examples:
> [...]
> The bad guy now knows there is something on the port, but because the three-way handshake has not been completed it is not logged. The bad guy can then send a RST tearing down the connection, since he has the information he is after. I think some time ago a detailed post was made to this list describing the various ways a stealth scanner could be implemented, although I'm not 100% sure.
There was, from myself and Chris Klaus. A point to remember was that done right, you could use other packets and not just SYN. Because of this, I wrote a tool which captured all TCP traffic via BPF, about what ports were trying to be accessed and analysed the results in a very weak way to determine if any sort of attack was being launched.

darren
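As an added illustration of the detection idea discussed in this message (not Darren Reed's tool and not code from the thread), the sketch below tracks handshake state per flow and reports sources that touch several ports without completing a connection, including non-SYN packets that belong to no connection. The record format, the `find_probers` name, the `min_ports` threshold and the sample addresses are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample records: (src, sport, dst, dport, flags), with
# tcpdump-style flag letters S=SYN, A=ACK, R=RST, F=FIN.
SERVER = "198.51.100.5"
SAMPLE = [
    # 192.0.2.10 completes a handshake to port 25, then hits one closed port.
    ("192.0.2.10", 40000, SERVER, 25, "S"),
    (SERVER, 25, "192.0.2.10", 40000, "SA"),
    ("192.0.2.10", 40000, SERVER, 25, "A"),
    ("192.0.2.10", 40001, SERVER, 113, "S"),
    (SERVER, 113, "192.0.2.10", 40001, "RA"),
    # 203.0.113.7: SYN, SYN/ACK, RST on two open ports, a SYN to a closed
    # port, and a bare FIN that belongs to no connection.
    ("203.0.113.7", 50001, SERVER, 21, "S"),
    (SERVER, 21, "203.0.113.7", 50001, "SA"),
    ("203.0.113.7", 50001, SERVER, 21, "R"),
    ("203.0.113.7", 50002, SERVER, 23, "S"),
    (SERVER, 23, "203.0.113.7", 50002, "SA"),
    ("203.0.113.7", 50002, SERVER, 23, "R"),
    ("203.0.113.7", 50003, SERVER, 79, "S"),
    (SERVER, 79, "203.0.113.7", 50003, "RA"),
    ("203.0.113.7", 50004, SERVER, 111, "F"),
    (SERVER, 111, "203.0.113.7", 50004, "RA"),
]

def find_probers(packets, min_ports=3):
    """Return {source: [(host, port), ...]} for sources with at least
    min_ports distinct ports touched by flows that never completed."""
    state = {}                  # (client, cport, server, sport) -> stage
    probed = defaultdict(set)   # client -> {(server, port)}
    for src, sport, dst, dport, flags in packets:
        f = set(flags)
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if f == {"S"}:
            state[fwd] = "syn"
        elif f == {"S", "A"} and state.get(rev) == "syn":
            state[rev] = "synack"
        elif f == {"A"} and state.get(fwd) == "synack":
            state[fwd] = "open"             # handshake completed: not a probe
        elif "R" in f and state.get(fwd) == "synack":
            probed[src].add((dst, dport))   # client reset after SYN/ACK
            del state[fwd]
        elif "R" in f and state.get(rev) == "syn":
            probed[dst].add((src, sport))   # closed port answered the SYN
            del state[rev]
        elif not f & {"S", "R"} and fwd not in state and rev not in state:
            probed[src].add((dst, dport))   # non-SYN packet with no connection
    return {s: sorted(p) for s, p in probed.items() if len(p) >= min_ports}
```

The sketch assumes records arrive in capture order and that the capture saw the start of every connection; a flow already established before capture began would be counted by the last branch.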