Re: UDP port scanning...

[Rob Quinn <rquinn () sec sprint net>]

>   - Kernel receives packet.
>   - Kernel checks to see if packet is a SYN, if so it allows other
> existing items (such as ipfw, ipchains, tcp wrappers etc) to deal with it.
>   - If not a SYN, it checks to see if it is a part of an existing
> conversation, and if it is, allows the packet (the state table). 
>   - If not a part of an existing conversation, drop the packet (and
> alternately log it).

 What happens to a remote sender if your machine reboots during a TCP sessions?

     131  ECONNRESET   Connection reset by peer
            A connection was forcibly closed  by  a  peer.   This
            normally results from a loss of the connection on the
            remote host due to a timeout or a reboot.

> I don't understand why the above four steps are not standard in all networked
> systems [...]

 This could be suitable for a bastion host or firewall, but not a "standard
networked system". If some server of mine reboots or crashes, I want the
clients to know quickly so that they can start the recovery process ASAP,
instead of going through the TCP/IP timeout period.

-- 
| Opinions are _mine_, facts                                     Rob Quinn |
| are facts.                                                 (703)689-6582 |
|                                                    rquinn () sec sprint net |
|                                                Sprint Corporate Security |