Nice discussion, but what do you mean by "Secondly, both SYNs should "cross in the network". This is unlikely."? I mean, it's not cars on the road which will collide on the network. Those two are different SYNs, so will it affect the network?

On Jan 18, 2008 12:39 PM, Fernando Gont <[EMAIL PROTECTED]> wrote:
> At 07:55 p.m. 17/01/2008, you wrote:
>
> >TCP specification (rfc 793) mentions about a simultaneous open and
> >its use in distributed setups.
> >In this case the handshake would proceed as follows:
> >
> >C -> S (Syn) .. 1
> >S -> C (Syn) .. 2
> >(1 and 2 happen almost simultaneously)
> >C -> S (Syn|Ack)
> >S -> C (Syn|Ack)
> >
> >My question is do we see this behavior in the practical world ?
>
> No, it is not.
>
> Firstly, usually only clients perform an active open of a connection
> (i.e., send a "SYN"). This has to do with the Client/Server model.
> Therefore, you won't see a SYN coming from the server.
>
> Secondly, both SYNs should "cross in the network". This is unlikely.
>
> Thirdly, in order for a simultaneous open to take place, not only
> should both systems send SYNs that cross each other in the network,
> but the client's source port should match the server's destination
> port, and the client's destination port should match the server's
> source port. This is usually unlikely.
>
> Kind regards,
>
> --
> Fernando Gont
> e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED]
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
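
The conditions listed in the quoted reply, as an added example that is not part of the original thread: a simplified Python model of the RFC 793 setup states showing when two active opens become a simultaneous open and when they end in a reset. `Endpoint`, `simulate` and the port numbers are constructed for illustration; sequence numbers, retransmission and timers are left out.

```python
# Simplified model of RFC 793 connection setup (constructed example).
# Each Endpoint stands for a host with one socket; no sequence numbers or timers.
CLOSED, LISTEN, SYN_SENT, SYN_RCVD, ESTABLISHED = (
    "CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD", "ESTABLISHED")

class Endpoint:
    def __init__(self, local_port, remote_port=None, state=CLOSED):
        self.local_port, self.remote_port, self.state = local_port, remote_port, state

    def active_open(self):
        self.state = SYN_SENT
        return {"src": self.local_port, "dst": self.remote_port, "flags": "SYN"}

    def receive(self, seg):
        """Apply one segment to this socket; return the reply segment or None."""
        def reply(flags):
            return {"src": seg["dst"], "dst": seg["src"], "flags": flags}
        # A segment belongs to this socket only if the port pair mirrors it.
        mine = seg["dst"] == self.local_port and (
            self.state == LISTEN or seg["src"] == self.remote_port)
        if seg["flags"] == "RST":
            self.state = CLOSED if mine else self.state
            return None
        if not mine or self.state == CLOSED:
            return reply("RST")
        if seg["flags"] == "SYN" and self.state in (LISTEN, SYN_SENT):
            # From SYN_SENT this is the simultaneous-open transition.
            self.remote_port, self.state = seg["src"], SYN_RCVD
            return reply("SYN|ACK")
        if seg["flags"] == "SYN|ACK" and self.state == SYN_SENT:
            self.state = ESTABLISHED
            return reply("ACK")
        if seg["flags"] in ("SYN|ACK", "ACK") and self.state == SYN_RCVD:
            self.state = ESTABLISHED
        return None

def simulate(a, b, b_opens_before_a_syn_arrives):
    """A always connects; B connects too if the flag is set. Returns state traces."""
    trace = {"A": [], "B": []}
    queue = [(b, a, a.active_open())]            # (receiver, sender, segment)
    if b_opens_before_a_syn_arrives:
        queue.append((a, b, b.active_open()))    # both SYNs are now in flight
    while queue:
        rcv, snd, seg = queue.pop(0)
        out = rcv.receive(seg)
        trace["A" if rcv is a else "B"].append(rcv.state)
        if out:
            queue.append((snd, rcv, out))
    return trace
```

"Crossing" in this model means each side has already sent its own SYN (is in `SYN_SENT`) when the peer's SYN arrives; only then, and only with mirrored ports, do both sides pass through `SYN_RCVD` to `ESTABLISHED`.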
