Penetration Testing mailing list archives

Some unusual network features

From: Paul Johnston <paul () westpoint ltd uk>
Date: Tue, 13 Jan 2004 09:46:08 +0000

Hi,

I've come accross the following anomoloies while auditing a network, cananyone help explain what they are:

1) Ports that "hang open" i.e. you can connect, send data ok, but theother end never sends any data and never closes the connection.2) HTTP ports that function normally when you issue some methods, but onother methods (including the imaginary method "SILLY") cause theconnection to "hang open" like in (1).3) Ports where the TTL is different on the SYN reply to the rest of theconnection. ipid's also imply that different hosts are handling the SYNand the rest of the connection.

I've got some theories, but I'm not sure how much I'm jumping toconclusions.


Paul

--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Some unusual network features Paul Johnston (Jan 13)
- Re: Some unusual network features Nathan R. Valentine (Jan 13)
- Re: Some unusual network features Andrew Simmons (Jan 13)
- Re: Some unusual network features Mike Hoskins (Jan 13)
- Re: Some unusual network features Shashank Rai (Jan 14)
- Re: Some unusual network features Alla Bezroutchko (Jan 14)
  - Re: Some unusual network features die tuere (Jan 15)
  - Re: Some unusual network features Daniel Lucq (Jan 15)
- <Possible follow-ups>
- RE: Some unusual network features Deckard, Jason (Jan 14)