Nmap Announce mailing list archives
Mac OS X Signature (fwd)
From: <lamont () icopyright com>
Date: Sun, 7 May 2000 19:13:40 -0700 (PDT)
Seems MACs still loudly announce themselves on RSTs. I grok not wanting to put single-OS-specific code into NMAP, but there are lots of Macs out there and lots of them have no ports open. ---------- Forwarded message ---------- Date: Wed, 3 May 2000 11:36:37 -0400 From: Omachonu Ogali <oogali () INTRANOVA NET> To: BUGTRAQ () SECURITYFOCUS COM Subject: Mac OS X Signature I've noticed that if you send a TCP packet with the acknowledgement (ACK) flag set, a remote machine running Mac OS X will send a TCP packet with the reset (RST) flag set and "tcp_close, during connect" in the packet payload. I don't have any machines to test with, this was noted on my webserver and tcpdump. -- snip -- 19:51:19.435963 XXX.XXX.XXX.XXX.49225 > XXX.XXX.XXX.XXX.80: R 2435394389:2435394414 (25) win 0 (ttl 242, id 48284) 0x0000 4500 0041 bc9c 0000 f206 7b68 d182 8e5b E..A......{h...[ 0x0010 d1c9 5f0a c049 0050 9129 2b55 0000 0000 .._..I.P.)+U.... 0x0020 5004 0000 7387 0000 7463 705f 636c 6f73 P...s...tcp_clos 0x0030 652c 2064 7572 696e 6720 636f 6e6e 6563 e,.during.connec 0x0040 74 t -- snip -- -- +-------------------------------------------------------------------------+ | Omachonu Ogali oogali () intranova net | | Intranova Networking Group http://tribune.intranova.net | | PGP Key ID: 0xBFE60839 | | PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 | +-------------------------------------------------------------------------+
Current thread:
- Mac OS X Signature (fwd) lamont (May 07)
- Re: Mac OS X Signature (fwd) Andrew Brown (May 07)
- Re: Mac OS X Signature (fwd) Joe Battle (May 11)
- Re: Mac OS X Signature (fwd) Andrew Brown (May 07)