Sending FIN and RST is nothing out of the norm, having session initiations hanging open waiting for an ACK is. > -----Urspr�ngliche Nachricht----- > Von: Jesus Gonzalez [SMTP:[EMAIL PROTECTED]] > Gesendet am: Dienstag, 23. M�rz 1999 23:59 > An: [EMAIL PROTECTED] > Betreff: Stealth snooping > > I've been wrestling with this question for some time now, perhaps someone > (or many) can give me your thoughts. > There are systems that detect intruders or beak-in attempts, apparently > part > of that "detection" is the identification or logging of a port scanner. > BUT, there are scanners out there that claim to be "stealth" scanners by > sending the FIN bit. > If I understand it correctly, the FIN bit basically states that "this is > the > end of transmission", then the host sends an RST bit. If this is the > case, > then how can this be considered stealth since the scanner sending the FIN > bit is a) awaiting the RST response, and b) must have it's IP address in > the > packet? > Are there other methods of scanning which truly are stealth, or is it > currently not possible to port scan in stealth mode? > Any insights to this, or perhaps a better explanation of the FIN bit is > greatly appreciated. > > Thanks. > > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
