[unisog] RE: Fin - no - Ack

Smith, Donald Donald.Smith at qwest.com
Wed Feb 25 19:49:10 GMT 2004


OK, now I have to ask: got packets?


Donald.Smith at qwest.com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
Good luck favors the well prepared. Bad luck favors the poorly prepared.

> -----Original Message-----
> From: Fred Portnoy [mailto:fportnoy at mail.plymouth.edu]
> Sent: Wednesday, February 25, 2004 11:56 AM
> To: Smith, Donald
> Subject: RE: [unisog] RE: Fin - no - Ack
> 
> 
> Right, no SYN.
> 
> -----Original Message-----
> From: Smith, Donald [mailto:Donald.Smith at qwest.com] 
> Sent: Wednesday, February 25, 2004 1:43 PM
> To: fportnoy at mail.plymouth.edu; intrusion at sans.org; unisog at sans.org
> Subject: [unisog] RE: Fin - no - Ack
> 
> 
> Just the FIN (no SYN?).
> SYN/FIN scanning works in some OSes and can pass weak filters.
> 
> Donald.Smith at qwest.com GCIA
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
> Good luck favors the well prepared. Bad luck favors the 
> poorly prepared.
> 
> > -----Original Message-----
> > From: Fred Portnoy [mailto:fportnoy at mail.plymouth.edu]
> > Sent: Wednesday, February 25, 2004 11:30 AM
> > To: intrusion at sans.org; unisog at sans.org
> > Subject: Fin - no - Ack
> > 
> > 
> > Since around 9am today I am seeing high rates of scans coming
> > from my ResNet
> > with the FIN bit set but no ACK bit. Does this sound familiar 
> > to anyone?
> > 
> > thanks
> > 
> > -fp
> > 
> > 
> > 
> > 
> 
> 
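
The check discussed in this thread (FIN set without ACK, and SYN together with FIN), as an added Python example that is not part of the original messages: it reads the flag byte of constructed TCP headers and counts distinct targets per source. The helper names, the `min_targets` threshold and the sample addresses are assumptions made for illustration.

```python
import struct
from collections import defaultdict

FIN, SYN, ACK = 0x01, 0x02, 0x10  # bit values in byte 13 of the TCP header

def tcp_flags(tcp_header: bytes) -> int:
    """Return the six classic flag bits (URG..FIN) of a TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return tcp_header[13] & 0x3F

def classify(flags: int) -> str:
    if flags & SYN and flags & FIN:
        return "syn-fin"      # not seen in normal connection setup or teardown
    if flags & FIN and not flags & ACK:
        return "fin-no-ack"   # every segment after the initial SYN carries ACK
    return "normal"

def make_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header (seq, ack, checksum zeroed) for the sample."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def suspicious_sources(packets, min_targets=3):
    """Map (src, kind) -> count of distinct (dst, dport) probed, if >= min_targets."""
    targets = defaultdict(set)
    for src, dst, hdr in packets:
        kind = classify(tcp_flags(hdr))
        if kind != "normal":
            dport = struct.unpack("!H", hdr[2:4])[0]
            targets[(src, kind)].add((dst, dport))
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}

# Constructed sample traffic (documentation address ranges), not from the thread.
SAMPLE = [
    ("192.0.2.10", "198.51.100.1", make_header(40000, 80, FIN)),
    ("192.0.2.10", "198.51.100.2", make_header(40001, 80, FIN)),
    ("192.0.2.10", "198.51.100.3", make_header(40002, 80, FIN)),
    ("192.0.2.20", "198.51.100.1", make_header(40003, 80, FIN | ACK)),  # normal close
    ("192.0.2.30", "198.51.100.1", make_header(40004, 22, SYN | FIN)),
]

if __name__ == "__main__":
    for (src, kind), n in suspicious_sources(SAMPLE).items():
        print(f"{src} {kind} distinct_targets={n}")
```
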


