nmap FIN scans?
Chad K. Lewis
linoge at earthlink.net
Sat Oct 23 09:57:36 PDT 1999
"Chris K. Young" wrote:
> On Fri, Oct 22, 1999 at 07:40:18PM -0700, Chad K. Lewis foobarred:
> ! Since they are signal to close a connection, I don't think there's a
> ! huge amount you could do with them directly. I can envision some
> ! denial-of-service attacks that might work based on sending IP-spoofed
> ! FIN packets prematurely closing connections, but that's about it and
> ! I'm not sure how effective that would really be.
> I have not read any of the relevant RFCs, so this is only a hunch: but
> isn't there a sequence number that one would have to guess to close
> your connection?
> Chris K.
Yes, which was why I'm inclined to think it wouldn't be too effective
an attack assuming that the tcp stack in question is correct.
Chad Lewis Free the Source
and Your Mind
More information about the KPLUG-List