Full Disclosure mailing list archives

Re: Crafted SYN Packets...

From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 13 Nov 2007 16:46:41 -0600

--On Tuesday, November 13, 2007 17:38:39 -0500 Simon Smith 
<simon () snosoft com> wrote:

Kelly,
      SYN packets and ports do not correlate.


Huh?  You'd better explain what you mean here a little further.

And yes, SYN is TCP.


You mean SYN is TCP *only*, not UDP.

You should
read up on TCP/IP etc so that you understand protocols before posting to
mailing lists.

Kelly Robinson wrote:

Looking at some suspicious behaviour in our logs...

If someone sends a packet with the SYN bit set to a host, typically what
is the client's source port? Or is that crafted too?


It can be but doesn't have to be.

-- 
Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Crafted SYN Packets... Kelly Robinson (Nov 13)
- Re: Crafted SYN Packets... Simon Smith (Nov 13)
  - Re: Crafted SYN Packets... Paul Schmehl (Nov 13)
  - Re: Crafted SYN Packets... Dean Pierce (Nov 13)
    - Re: Crafted SYN Packets... nocfed (Nov 13)
- Re: Crafted SYN Packets... Thierry Zoller (Nov 13)