Looking at some suspicious behaviour in our logs... If someone sends a packet with the SYN bit set to a host, typically what is the client's source port? Or is that crafted too?
And additionally, when a client does sent a packet of this type, am I right in assuming its generally TCP only? Can you have a UDP SYN packet? I assume because its connectionless, no???
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
