Re: PIX responding with SYN+ACK to SYN+ACK probe sent on open port

[L Cubed <lllcubed () gmail com>]

On Mon, 10 Jan 2005 20:47:21 +0100, Martin Mačok
<martin.macok () underground cz> wrote:
snip, snip, snip

> Please, could you test sending SYN+ACK probe against an open port on
> your PIX boxes and drop me a note what happens in your case? Do you
> get (a) nothing (b) ICMP unreachable (c) RST or (d) SYN+ACK reply?
>
> Howto:
> % hping2 -S -A -c 1 -p <open_tcp_port> <pix>
>
> Or send me your PIX's IP:port privately if it is accessible from the
> Internet and I will test it by myself. (Just a few packets, absolutely
> harmless)

However, if you send it to an open udp port, you do get a response...

abox# /usr/sbin/hping2 -S -A -c 1 -p 500 a.b.c.d
HPING a.b.c.d (fxp a.b.c.d): SA set, 40 headers + 0 data bytes
len=46 ip=a.b.c.d ttl=44 id=63207 sport=500 flags=RA seq=0 win=512 rtt=75.7 ms

--- a.b.c.d hping statistic ---
1 packets tramitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 75.7/75.7/75.7 ms
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards