Full Disclosure mailing list archives

Re: SYN ACK scans to random ports

From: Jan Murawski <der () oelgoetze de>
Date: Tue, 24 Sep 2013 21:02:59 +0200

For example nmap can randomize the list of scanned ports. I guess, that
is supposed to confuse people :)


Le 24/09/2013 16:34, Fabio a écrit :

Il 24/09/13 14:49, silence_is_best () hushmail com ha scritto:

Can someone explain the point of a SYN ACK scan to random high ports?  I
usually see a fair amount of these...at first I thought it was maybe a
block to an initiating SYN packet, but I don't see any evidence that the
SYN ACK isn't the first packet seen.  Danke.



Typically an ACK or SYN ACK scan is used to map out firewall rulesets,
determining whether they are stateful or not and which ports are filtered.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

SYN ACK scans to random ports silence_is_best (Sep 24)
- Re: SYN ACK scans to random ports Fabio (Sep 24)
  - Re: SYN ACK scans to random ports Jan Murawski (Sep 25)
- Re: SYN ACK scans to random ports Crist Clark (Sep 24)
  - Re: SYN ACK scans to random ports silence_is_best (Sep 25)
    - Re: SYN ACK scans to random ports Justin Ferguson (Sep 25)