During a recent assessment I noticed that I was getting back (or, not getting back, as it were) a filtered response to nmap and hping SYN scans. That’s normal enough for sites that drop incoming scan traffic, but the weird part was that if I used a standard connect scan, i.e. one that completes the three-way handshake, I would get back a ton of open ports on the same host.
So if I did a “regular” scan, I’d send a SYN, get back a SYN-ACK, and then respond with an ACK. Fair enough, but if I sent just the SYN from nmap or tcpdump, the host would not respond at all. Well, after a couple of minutes of head-scratching, logic revealed the path to the truth:
Link: Not All SYN Packets Are Created Equal
Trackbacks
23/05/06 at 11:17 AM
Syn Packets... Daniel has uncovered something that I have suspected for some time now. It appears that when you use nmap’s ...