Security Incidents mailing list archives
Re: pop-2 scanning
From: lamont () ICOPYRIGHT COM (Granquist, Lamont)
Date: Fri, 17 Mar 2000 10:55:00 -0800
SYN + any combination of FIN|PSH|URG will usually get you a SYN-ACK or RST. I think some linux stacks may have responded to SYN|FIN with SYN|FIN|ACK allowing a bit of O/S detection. http://www.securityportal.com/list-archive/bugtraq/1998/Jul/0060.html http://www.securityportal.com/list-archive/bugtraq/1998/Jul/0090.html http://www.securityportal.com/list-archive/bugtraq/1998/Jul/0106.html On Wed, 15 Mar 2000 tdunn () www BAYSOFT NET wrote:
we are recieving pop-2 scans from various sources also. Initially we saw SYN/FIN packets, then they were followed by SYN - SYN/FIN packets, sorta link hanging up the phone before you can answer type of thing, an associate of mine had a theory that older versions of linux and BSD might respond to that sequence with FIN/ACK, anyone know if thats true or not ???
Current thread:
- pop-2 scanning tdunn () BAYSOFT NET (Mar 15)
- Re: pop-2 scanning Granquist, Lamont (Mar 17)