[Dshield] Here's a good idea

Brian Dessent brian at dessent.net
Thu Apr 15 03:33:35 GMT 2004

Miles Stevenson wrote:

> session establishment though. You should be able to get a full HTTP URL
> request for cmd.exe into the first initial SYN packet, thus making sequence
> number guessing unnecessary. I have not tested that though. Does anyone know
> if it works?

A connection is not established until the three-way handshake is
successful.  Apache will not see a thing until that has happened, as
that requires that the ISNs be in sync.  The notion of putting data in
the first SYN packet is meaningless because no connection exists until
two other packets have been sent.  So, no, you can't just send off a
single packet to a server and suddenly have a connection in the
'established' state.


More information about the list mailing list