Bugtraq mailing list archives
Re: stealth port scanning
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Mon, 8 Sep 1997 19:16:44 +0100
> The idea is that closed ports tend to reply to your FIN packet with the proper RST. Open ports, on the other hand, tend to ignore the packet in question. This is a bug in TCP implementations [...]

Which is not quite right. It's the way the protocol is defined. Worse still, a FIN to a listening port in itself is legitimate for some TCP close-down paths. You have to ignore the out-of-sequence FIN for the protocol to work, and you have to RST it for connection close-down to work.

It's perhaps about time people worked harder on secure machines so scanning doesn't matter. With a good grasp of TCP and a lot of paper I think you could formally prove a scanner has to work.

BTW, bored folks might be interested in the other stuff I've been playing with. "Good Times" is alive and well and works even better on Usenet. Using the Netscape and IE3/4 bugs and news articles with Content-type: text/html you can, it turns out, replicate all the attacks across Usenet. Next question to be resolved: can you run Java applets from news:<articleid> URLs, and if so, has anyone got a Java applet to do the inn hack ... ?
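The segment-arrival rules Alan is referring to are the CLOSED and LISTEN branches of RFC 793 section 3.9, which is why a bare FIN draws an RST from a closed port and silence from a listening one. The model below is an added example written for this archive page, not code from the thread or from nmap: it implements just those two branches over a constructed dictionary of port states (no raw sockets), runs the FIN-scan inference against it, and runs a SYN scan against the same table for comparison. The `loose` flag is an assumption for the demo that models stacks which answer every unexpected segment with RST, the case in which a FIN scan reports every port as closed.

```python
"""RFC 793 SEGMENT ARRIVES rules for the CLOSED and LISTEN states, as a model.

Added example, not part of the original Bugtraq message. The port table,
sequence numbers and port numbers are constructed for the demo.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


@dataclass(frozen=True)
class Segment:
    sport: int
    dport: int
    seq: int
    ack: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}
    payload_len: int = 0

    @property
    def seg_len(self) -> int:
        # RFC 793: SEG.LEN counts data octets plus the SYN and FIN bits.
        return self.payload_len + ("SYN" in self.flags) + ("FIN" in self.flags)


def respond(state: str, seg: Segment, loose: bool = False) -> Optional[Segment]:
    """Reply a stack sends for `seg` arriving on a socket in `state`.

    Only CLOSED and LISTEN are modelled. With loose=True a LISTEN socket
    answers a bare FIN with RST instead of dropping it (assumed behaviour of
    non-conforming stacks, modelled here for the demo).
    """
    def reply(seq: int, ack: int, *flags: str) -> Segment:
        return Segment(seg.dport, seg.sport, seq, ack, frozenset(flags))

    if state == "CLOSED":
        if "RST" in seg.flags:
            return None                          # RSTs to CLOSED are discarded
        if "ACK" not in seg.flags:
            return reply(0, seg.seq + seg.seg_len, "RST", "ACK")
        return reply(seg.ack, 0, "RST")
    if state == "LISTEN":
        if "RST" in seg.flags:
            return None                          # first check: ignore RST
        if "ACK" in seg.flags:
            return reply(seg.ack, 0, "RST")      # second check: stray ACK -> RST
        if "SYN" in seg.flags:
            return reply(0, seg.seq + 1, "SYN", "ACK")  # third check: ISS=0 assumed
        if loose:
            return reply(0, seg.seq + seg.seg_len, "RST", "ACK")
        return None                              # fourth check: drop it (bare FIN lands here)
    raise ValueError(f"state {state!r} not modelled")


def fin_scan(table: Dict[int, str], ports: Iterable[int], loose: bool = False) -> Dict[str, str]:
    """FIN-scan inference: RST means closed, silence means open or filtered."""
    out = {}
    for p in ports:
        probe = Segment(40000, p, 12345, 0, frozenset({"FIN"}))
        r = respond(table.get(p, "CLOSED"), probe, loose)
        out[p] = "closed" if r is not None and "RST" in r.flags else "open|filtered"
    return out


def syn_scan(table: Dict[int, str], ports: Iterable[int]) -> Dict[int, str]:
    """SYN-scan inference for the same table: SYN/ACK means open, RST means closed."""
    out = {}
    for p in ports:
        probe = Segment(40000, p, 12345, 0, frozenset({"SYN"}))
        r = respond(table.get(p, "CLOSED"), probe)
        out[p] = "open" if r is not None and "SYN" in r.flags else "closed"
    return out


# Constructed port table for the demo: two listening services, one closed port.
DEMO_TABLE = {22: "LISTEN", 80: "LISTEN", 23: "CLOSED"}

if __name__ == "__main__":
    print("FIN scan, conforming stack:", fin_scan(DEMO_TABLE, [22, 23, 80, 9999]))
    print("FIN scan, RST-everything stack:", fin_scan(DEMO_TABLE, [22, 23, 80], loose=True))
    print("SYN scan:", syn_scan(DEMO_TABLE, [22, 23, 80]))
```

The FIN scan never distinguishes a listening port from one behind a filter that silently drops the probe, which is why the inference only yields "open|filtered"; the SYN scan against the same table separates open from closed because LISTEN is obliged to answer a SYN. Against a stack that RSTs every unexpected segment (the `loose` case) every port comes back "closed", so a FIN-scan result is only as good as the target's conformance to the fourth LISTEN check.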