Full Disclosure mailing list archives
Re: SYN ACK scans to random ports
From: Crist Clark <cjclark () alum mit edu>
Date: Tue, 24 Sep 2013 21:29:24 -0700
Backscatter. Someone may be sending out spoofed SYNs. The target sends SYN-ACKs to the spoofed source, you. What's the source port? A well known service? Do the source addresses really have reachable services on those ports? On Sep 24, 2013 7:25 AM, <silence_is_best () hushmail com> wrote:
Can someone explain the point of a SYN ACK scan to random high ports? I usually see a fair amount of these...at first I thought it was maybe a block to an initiating SYN packet, but I don't see any evidence that the SYN ACK isn't the first packet seen. Danke. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SYN ACK scans to random ports silence_is_best (Sep 24)
- Re: SYN ACK scans to random ports Fabio (Sep 24)
- Re: SYN ACK scans to random ports Jan Murawski (Sep 25)
- Re: SYN ACK scans to random ports Crist Clark (Sep 24)
- Re: SYN ACK scans to random ports silence_is_best (Sep 25)
- Re: SYN ACK scans to random ports Justin Ferguson (Sep 25)
- Re: SYN ACK scans to random ports silence_is_best (Sep 25)
- Re: SYN ACK scans to random ports Fabio (Sep 24)