nmap FIN scans?
Chad K. Lewis
linoge at earthlink.net
Sat Oct 23 09:57:36 PDT 1999
"Chris K. Young" wrote:
>
> On Fri, Oct 22, 1999 at 07:40:18PM -0700, Chad K. Lewis foobarred:
> ! Since they are signal to close a connection, I don't think there's a
> ! huge amount you could do with them directly. I can envision some
> ! denial-of-service attacks that might work based on sending IP-spoofed
> ! FIN packets prematurely closing connections, but that's about it and
> ! I'm not sure how effective that would really be.
>
> I have not read any of the relevant RFCs, so this is only a hunch: but
> isn't there a sequence number that one would have to guess to close
> your connection?
>
> Chris K.
Yes, which was why I'm inclined to think it wouldn't be too effective
an attack assuming that the tcp stack in question is correct.
ckl
--
Chad Lewis Free the Source
and Your Mind
Will Follow
More information about the KPLUG-List
mailing list