Looking at some suspicious behaviour in our logs...
If someone sends a packet with the SYN bit set to a host, typically what is
the client's source port? Or is that crafted too?
And additionally, when a client does sent a packet of this type, am I right
in assuming its generally TCP only? Can
Kelly,
SYN packets and ports do not correlate. And yes, SYN is TCP. You should
read up on TCP/IP etc so that you understand protocols before posting to
mailing lists.
Kelly Robinson wrote:
Looking at some suspicious behaviour in our logs...
If someone sends a packet with the SYN bit
--On Tuesday, November 13, 2007 17:38:39 -0500 Simon Smith
[EMAIL PROTECTED] wrote:
Kelly,
SYN packets and ports do not correlate.
Huh? You'd better explain what you mean here a little further.
And yes, SYN is TCP.
You mean SYN is TCP *only*, not UDP.
You should
read up on TCP/IP
Dear Kelly,
If someone sends a packet with the SYN bit set to a host,
typically what is the client's source port? Or is that crafted too?
Source port 1024 (normaly, please check on that, might be different from OS to OS.
Can you have a UDP SYN packet?
No UDP is as you correctly say
Simon Smith wrote:
Kelly,
SYN packets and ports do not correlate. And yes, SYN is TCP. You should
read up on TCP/IP etc so that you understand protocols before posting to
mailing lists.
Maybe then you could explain how it works :-) From what I understand,
the RFC doesn't really
Google for ephemeral port tcp syn
On Nov 13, 2007 5:43 PM, Dean Pierce [EMAIL PROTECTED] wrote:
Simon Smith wrote:
Kelly,
SYN packets and ports do not correlate. And yes, SYN is TCP. You
should
read up on TCP/IP etc so that you understand protocols before posting to
mailing