| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <473A36A9.1060009@pdx.edu> Date: Tue, 13 Nov 2007 15:43:37 -0800 From: Dean Pierce <piercede@....edu> To: Simon Smith <simon@...soft.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Crafted SYN Packets... Simon Smith wrote: > Kelly, > SYN packets and ports do not correlate. And yes, SYN is TCP. You should > read up on TCP/IP etc so that you understand protocols before posting to > mailing lists. Maybe then you could explain how it works :-) From what I understand, the RFC doesn't really specify how source ports should be generated for new TCP sessions (Please someone correct me if I'm wrong, I am not intimately familiar with that particular set of RFCs). On my linux system I have currently have access to, the numbers I am getting seem pretty random (59101, 49607, 40343, 54786, 38335, ...) while the windows xp machine I am on seems to be rather sequential (12050, 12065, 10293, ...). Also, google claims that source ports have been used to identify worms etc where the source ports have been hard coded into the packet engine. Hopefully someone more familiar with the field responds :-) - DEAN _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists