[7218] in bugtraq
Re: port 0 scanning
daemon@ATHENA.MIT.EDU (Lamont Granquist)
Fri Jul 10 15:06:15 1998
Date: Thu, 9 Jul 1998 19:20:32 -0700
Reply-To: Lamont Granquist <lamontg@HITL.WASHINGTON.EDU>
From: Lamont Granquist <lamontg@HITL.WASHINGTON.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.OSF.3.95.980707231137.5152C-100000@ale.hitl.washington.edu>
-----BEGIN PGP SIGNED MESSAGE-----
As a followup to this, I've been informed by two people now[*] that Linux
boxes will respond to SYN|FIN with a SYN|FIN|ACK on an open port.
Therefore this probably indicates that the SYN|FIN packets were not only
an attempt to get past poorly designed firewalls, but probably an attempt
to ID the system being probed as a Linux box as well.
[*] Solar Designer and John McDonald
- --
Lamont Granquist <lamontg@hitl.washington.edu> (206)616-1469 fax:(206)543-5380
Human Interface Technology Lab. University of Washington. Seattle, WA
PGP pubkey: finger -l lamontg@hitl.washington.edu | pgp -fka
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNaV6dCGfPhFbK8mBAQG6owP9E/2Grcjna9BYVnWbcAM4jZ0S8I3Xlv3z
et4JcGE1LOE7667txRUdoBFBGT8nveZKT30mKUUrdrpXTSkVjqIV0lmH0o+1UnZm
dRea+7KQveosZjZQlzu6ndAMDB/lfUhSNiFOy4E18Vnrs8HNlxxwS4UJoCUYYpLg
/HqcjFNaexs=
=5RnL
-----END PGP SIGNATURE-----
