Dear Kelly,
>If someone sends a packet with the SYN bit set to a host,
> typically what is the client's source port? Or is that crafted too?
Source port >1024 (normaly, please check on that, might be different from OS to OS.
>Can you have a UDP SYN packet?
No UDP is as you correctly say connectionless, so no synchronisation is required, you
could potential build a kind of sync feature but inside your UDP payload at another layer.
|
> |
Looking at some suspicious behaviour in our logs...
If someone sends a packet with the SYN bit set to a host, typically what is the client's source port? Or is that crafted too?
And additionally, when a client does sent a packet of this type, am I right in assuming its generally TCP only? Can you have a UDP SYN packet? I assume because its connectionless, no??? |
--
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
