Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pop-2 scanning

From: lamont () ICOPYRIGHT COM (Granquist, Lamont)
Date: Fri, 17 Mar 2000 10:55:00 -0800

SYN + any combination of FIN|PSH|URG will usually get you a SYN-ACK or
RST.  I think some linux stacks may have responded to SYN|FIN with
SYN|FIN|ACK allowing a bit of O/S detection.

http://www.securityportal.com/list-archive/bugtraq/1998/Jul/0060.html
http://www.securityportal.com/list-archive/bugtraq/1998/Jul/0090.html
http://www.securityportal.com/list-archive/bugtraq/1998/Jul/0106.html

On Wed, 15 Mar 2000 tdunn () www BAYSOFT NET wrote:

we are recieving pop-2 scans from various sources also.
Initially we saw SYN/FIN packets, then they were followed
by SYN - SYN/FIN packets, sorta link hanging up the phone
before you can answer type of thing, an associate of mine
had a theory that older versions of linux and BSD might
respond to that sequence with FIN/ACK, anyone know if thats
true or not ???
Previous By Date Next
Previous By Thread Next

Current thread: