Firewall Wizards mailing list archives
Re: FIN scanning
From: "Michael B. Rash" <mbr () math umd edu>
Date: Thu, 18 Nov 1999 10:13:44 -0500 (EST)
On Wed, 17 Nov 1999, Robert Graham wrote:

: * TCP seqno prediction. Let's assume your FIN scan reveals that a rlogin
: service is running but firewalled and that TCP sequence numbers are predictable
: (nmap OS fingerprint). You can then possibly spoof connections from trusted
: machines in order to log in.
:
: * FTP bounce. Read up on nmap's FTP bounce scans for more on this technique.
:
: * DoS. You can spoof your own RST and FIN packets to disrupt legitimate
: communications. For example, let's assume a TCP connection between a host on
: the DMZ and some internal logging service. You can then attack the host and
: prevent logging from working right that might alert people to your attack.

These examples were exactly what I was looking for. Thanks to all who
responded.

--Mike                        | "...Audiences know what to expect and that
http://www.math.umd.edu/~mbr  | is all they are prepared to believe in..."
Current thread:
- FIN scanning Michael B. Rash (Nov 17)
- Re: FIN scanning Bill Pennington (Nov 17)
- <Possible follow-ups>
- Re: FIN scanning Robert Graham (Nov 17)
- Re: FIN scanning Michael B. Rash (Nov 21)
- RE: FIN scanning LeGrow, Matt (Nov 17)