From: Paul Johnston (paul@westpoint.ltd.uk)
Date: Tue Jan 13 2004 - 04:46:08 EST
Hi,
I've come accross the following anomoloies while auditing a network, can
anyone help explain what they are:
1) Ports that "hang open" i.e. you can connect, send data ok, but the
other end never sends any data and never closes the connection.
2) HTTP ports that function normally when you issue some methods, but on
other methods (including the imaginary method "SILLY") cause the
connection to "hang open" like in (1).
3) Ports where the TTL is different on the SYN reply to the rest of the
connection. ipid's also imply that different hosts are handling the SYN
and the rest of the connection.
I've got some theories, but I'm not sure how much I'm jumping to
conclusions.
Paul
-- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paul@westpoint.ltd.uk web: www.westpoint.ltd.uk --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:45 EDT