oh got it.thanks for the reply. On Jan 19, 2008 7:40 PM, Fernando Gont <[EMAIL PROTECTED]> wrote: > At 04:22 a.m. 19/01/2008, crazy frog crazy frog wrote: > > That means the client should send its SYN before it receives the > server's SYN, and viceversa. That is, both SYNs should be sent almost > simultaneously. And this is unlikely. > > Kind regards, > Fernando > > > > > > >nice discussion but what u mean by "Secondly, both SYNs should "cross > >in the network". This is unlikely." > >i mean its not cars on the road which will collide on network.those > >two are different SYN so will it affect the network? > > > >On Jan 18, 2008 12:39 PM, Fernando Gont <[EMAIL PROTECTED]> wrote: > > > At 07:55 p.m. 17/01/2008, you wrote: > > > > > > >TCP specification (rfc 793) mentions about a simultaneous open and > > > >it's use in distributed set ups. > > > >In this case the handshake would proceed as follows: > > > > > > > >C -> S (Syn) .. 1 > > > >S -> C (Syn) .. 2 > > > >(1 and 2 happends almost simultaneously) > > > >C -> S (Syn|Ack) > > > >S -> C (Syn|Ack) > > > > > > > >My question is do we see this behavior in the practical world ? > > > > > > No, it is not. > > > > > > Firstly, usually only clients perform an active open of a connection > > > (i.e., send a "SYN"). This has to do with the Client/Server model. > > > Therefore, you won't see a SYN coming from the server. > > > > > > Secondly, both SYNs should "cross in the network". This is unlikely. > > > > > > Thirdly, in order for a simultaneous open to take place, not only > > > should both systems send SYNs that cross each other in the network, > > > but the client's source port should match the server's destination > > > port, and the client's destination port should match the server's > > > source port. This usually unlikely. > > > > > > Kind regards, > > > > > > -- > > > Fernando Gont > > > e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED] > > > PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > Test Your IDS > > > > > > Is your IDS deployed correctly? > > > Find out quickly and easily by testing it > > > with real-world attacks from CORE IMPACT. > > > Go to > > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > > > to learn more. > > > ------------------------------------------------------------------------ > > > > > > > > > > > > > >-- > >advertise on secgeeks? > >http://secgeeks.com/Advertising_on_Secgeeks.com > >http://newskicks.com > > -- > Fernando Gont > e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED] > PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 > > > > >
-- advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com http://newskicks.com ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
