0 In article [EMAIL PROTECTED],
0 Alain Tesio URL:mailto:[EMAIL PROTECTED] (Alain) wrote:
Alain Packets on port 0 are invalid and like packets with private
Alain IPs or bad TCP flags, they can be used for fingerprinting the
Alain target system. I don't see any other reason to see a packet
Alain
0 In article [EMAIL PROTECTED],
0 Alain Tesio URL:mailto:[EMAIL PROTECTED] (Alain) wrote:
Alain Packets on port 0 are invalid and like packets with private
Alain IPs or bad TCP flags, they can be used for fingerprinting the
Alain target system. I don't see any other reason to see a packet
Alain
]
Sent: Saturday, October 12, 2002 11:31 AM
Subject: Re: Access on Port 0
Packets on port 0 are invalid and like packets with private IPs or bad TCP
flags,
they can be used for fingerprinting the target system.
I don't see any other reason to see a packet on port 0.
Alain
--
To UNSUBSCRIBE, email
Statu Nascendi wrote:
While using nmap for fingerprinting my linux box, i noticed that it
sends FP
flags for doing that. Is it really possible to fingerprint using
corrupted
packets?
Do you have some docs on that?
This article describes, how nmap does fingerprinting:
Packets on port 0 are invalid and like packets with private IPs or bad TCP
flags,
they can be used for fingerprinting the target system.
I don't see any other reason to see a packet on port 0.
Alain
@lists.debian.org
Sent: Saturday, October 12, 2002 11:31 AM
Subject: Re: Access on Port 0
Packets on port 0 are invalid and like packets with private IPs or bad TCP
flags,
they can be used for fingerprinting the target system.
I don't see any other reason to see a packet on port 0.
Alain
Statu Nascendi wrote:
While using nmap for fingerprinting my linux box, i noticed that it
sends FP
flags for doing that. Is it really possible to fingerprint using
corrupted
packets?
Do you have some docs on that?
This article describes, how nmap does fingerprinting:
Hi,
Notice the PROTO=UDP part of the message. It means that this is a UDP packet,
not a TCP packet. UDP is not a socket-based protocol, so the port number is
meaningless for UDP packets. The log message includes port 0 because it was
easier to do that than to have a different format string for
Well, that will teach me to trust my faulty memory when answering a
question. I was confusing UDP and ICMP (and I'm not entirely sure my
answer would have been correct even if we were talking about ICMP).
Hopefully someone with more of a clue can answer the original question.
--- Wade
On
Hello!
In my firewall-log I can find several entries like this:
8---
Oct 11 19:25:48 asterix kernel: Dropwall: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:**:**:**:**:**:**:**:** SRC=***.***.***.***
DST=***.***.***.*** LEN=1456 TOS=0x00 PREC=0x00 TTL=110 ID=21266 PROTO=UDP
SPT=17060 DPT=0
Wade Richards [EMAIL PROTECTED] writes:
Notice the PROTO=UDP part of the message. It means that this
is a UDP packet, not a TCP packet. UDP is not a socket-based
protocol, so the port number is meaningless for UDP packets.
This statement is nonsense. Both TCP and UDP have 16-bit port
Hello!
In my firewall-log I can find several entries like this:
8---
Oct 11 19:25:48 asterix kernel: Dropwall: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:**:**:**:**:**:**:**:** SRC=***.***.***.***
DST=***.***.***.*** LEN=1456 TOS=0x00 PREC=0x00 TTL=110 ID=21266 PROTO=UDP
SPT=17060 DPT=0
Hi,
Notice the PROTO=UDP part of the message. It means that this is a UDP packet,
not a TCP packet. UDP is not a socket-based protocol, so the port number is
meaningless for UDP packets. The log message includes port 0 because it was
easier to do that than to have a different format string for
Wade Richards [EMAIL PROTECTED] writes:
Notice the PROTO=UDP part of the message. It means that this
is a UDP packet, not a TCP packet. UDP is not a socket-based
protocol, so the port number is meaningless for UDP packets.
This statement is nonsense. Both TCP and UDP have 16-bit port
Well, that will teach me to trust my faulty memory when answering a
question. I was confusing UDP and ICMP (and I'm not entirely sure my
answer would have been correct even if we were talking about ICMP).
Hopefully someone with more of a clue can answer the original question.
--- Wade
On
15 matches
Mail list logo