Firewall Wizards mailing list archives
Re: RST's and ACK's and stealth scans
From: HSKarim <HSKarim () aol com>
Date: Fri, 8 May 1998 17:26:01 EDT
Matt... Thanks... I haven't used nmap yet but according to your tcpdump output... it appears that RST's should accompany ACK's... but I'm running BSDi 3.0 with TIS Gauntlet patches.... I'm seeing some traffic without the ACK bit set. A company that is performing intrusion tests on my network is saying that the fact that the packet was sent back with an RST & ACK means that a service was available but it had some kind of filter on it. I disagreed, because I know that nothing was running except one port. But I performed a TCPdump while he scanned with a modified nmap and I saw the RST's going back with and without the ACK bit set. It wasn't really consistent either. Peace -Hassan Karim In a message dated 98-05-08 10:37:45 EDT, you write: << If this helps, here's the logs from tcpdump for a normal (full connect) tcp scan, syn, and fin scan. Fyodor's nmap was used for all the scans. All scans were conducted from 192.168.0.2 against 192.168.0.3 (both running Linux 2.0.33) >>
Current thread:
- RST's and ACK's and stealth scans HSKarim (May 02)
- Re: RST's and ACK's and stealth scans darrenr (May 03)
- <Possible follow-ups>
- Re: RST's and ACK's and stealth scans Steve Bellovin (May 02)
- Re: RST's and ACK's and stealth scans Vern Paxson (May 02)
- Re: RST's and ACK's and stealth scans HSKarim (May 04)
- RE: RST's and ACK's and stealth scans Franz, Matt (May 09)
- Re: RST's and ACK's and stealth scans HSKarim (May 09)