Penetration Testing mailing list archives
Re: Some unusual network features
From: Alla Bezroutchko <alla () scanit be>
Date: Wed, 14 Jan 2004 12:01:55 +0100
Paul Johnston wrote:
Hi,I've come accross the following anomoloies while auditing a network, can anyone help explain what they are:
3) Ports where the TTL is different on the SYN reply to the rest of the connection. ipid's also imply that different hosts are handling the SYN and the rest of the connection.
I've seen that on a server behind a Cisco PIX firewall with SYN flood protection enabled. The firewall handles connection setup itself and once the handhsake is complete, establishes the connection with the server behind it. If the handshake is not complete the server never sees any of it.
Alla. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Some unusual network features Paul Johnston (Jan 13)
- Re: Some unusual network features Nathan R. Valentine (Jan 13)
- Re: Some unusual network features Andrew Simmons (Jan 13)
- Re: Some unusual network features Mike Hoskins (Jan 13)
- Re: Some unusual network features Shashank Rai (Jan 14)
- Re: Some unusual network features Alla Bezroutchko (Jan 14)
- Re: Some unusual network features die tuere (Jan 15)
- Re: Some unusual network features Daniel Lucq (Jan 15)
- <Possible follow-ups>
- RE: Some unusual network features Deckard, Jason (Jan 14)