Nmap Announce mailing list archives
Mac OS X Signature (fwd)
From: <lamont () icopyright com>
Date: Sun, 7 May 2000 19:13:40 -0700 (PDT)
Seems MACs still loudly announce themselves on RSTs.
I grok not wanting to put single-OS-specific code into NMAP, but there are
lots of Macs out there and lots of them have no ports open.
---------- Forwarded message ----------
Date: Wed, 3 May 2000 11:36:37 -0400
From: Omachonu Ogali <oogali () INTRANOVA NET>
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Mac OS X Signature
I've noticed that if you send a TCP packet with the acknowledgement (ACK)
flag set, a remote machine running Mac OS X will send a TCP packet with
the reset (RST) flag set and "tcp_close, during connect" in the packet
payload. I don't have any machines to test with, this was noted on my
webserver and tcpdump.
-- snip --
19:51:19.435963 XXX.XXX.XXX.XXX.49225 > XXX.XXX.XXX.XXX.80: R 2435394389:2435394414 (25) win 0 (ttl 242, id 48284)
0x0000 4500 0041 bc9c 0000 f206 7b68 d182 8e5b E..A......{h...[
0x0010 d1c9 5f0a c049 0050 9129 2b55 0000 0000 .._..I.P.)+U....
0x0020 5004 0000 7387 0000 7463 705f 636c 6f73 P...s...tcp_clos
0x0030 652c 2064 7572 696e 6720 636f 6e6e 6563 e,.during.connec
0x0040 74 t
-- snip --
--
+-------------------------------------------------------------------------+
| Omachonu Ogali oogali () intranova net |
| Intranova Networking Group http://tribune.intranova.net |
| PGP Key ID: 0xBFE60839 |
| PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+
Current thread:
- Mac OS X Signature (fwd) lamont (May 07)
- Re: Mac OS X Signature (fwd) Andrew Brown (May 07)
- Re: Mac OS X Signature (fwd) Joe Battle (May 11)
- Re: Mac OS X Signature (fwd) Andrew Brown (May 07)