[7980] in bugtraq
stopping "nack" `stealth' scanning.
daemon@ATHENA.MIT.EDU (Darren Reed)
Sat Sep 19 16:07:45 1998
Date: Sat, 19 Sep 1998 15:40:19 +1000
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
To: BUGTRAQ@NETSPACE.ORG
One of the other ways to stealth scan is observing which ports no
reply is received for. This patch causes RST's to be generated when
sending (for example) a FIN to a listening socket, the same as in all
other occasions. Patch provided by mycroft.
Darren
*** tcp_input.c.orig Sat Sep 19 14:52:06 1998
--- tcp_input.c Sat Sep 19 14:24:22 1998
***************
*** 618,624 ****
tiwin <<= tp->snd_scale;
goto after_listen;
}
! }
} else {
/*
* Received a SYN.
--- 618,625 ----
tiwin <<= tp->snd_scale;
goto after_listen;
}
! } else
! goto badsyn;
} else {
/*
* Received a SYN.
