From: seberino@spawar.navy.mil
To: Grant Taylor <gtaylor@riverviewtech.net>
Cc: netfilter@lists.netfilter.org
Subject: Re: not sure ESTABLISHED TCP traffic will have ACK flag setalways...
Date: Sat, 9 Apr 2005 20:54:03 -0700 [thread overview]
Message-ID: <20050410035403.GA20178@spawar.navy.mil> (raw)
In-Reply-To: <42582017.5030402@riverviewtech.net>
> The only really questionable flag is the RST where some TCP/IP stacks will
> send packets with the RST flag set if they mistakenly receive a packet that
> was not destined to them. This is i
> mplementation dependent and not clearly defined in RFCs and thus a matter
> of some confusion.
I haven't read this in RFC 793 myself. However, I've read other
docs /about/ RFC 793 that state that RFC 793 mandates closed
ports *must* send an RST in response to packets. This is the
basis for at least some of stealth scans like FIN, Xmas and NULL
IIRC.
It is true that different stacks don't follow the RFC in this area.
MS Windows does not do the proper thing in this area. This
is why the /absense/ of the RST from a closed port is one way
to do OS fingerprinting! If every OS followed the RFC in this
area there would not be so much confusion if I understand things
correctly.
Cheers,
Chris
prev parent reply other threads:[~2005-04-10 3:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-08 15:57 not sure ESTABLISHED TCP traffic will have ACK flag set always Christian Seberino
2005-04-08 19:59 ` Taylor, Grant
2005-04-08 20:52 ` Michele Vetturi
2005-04-08 21:01 ` not sure ESTABLISHED TCP traffic will have ACK flag setalways Taylor, Grant
2005-04-09 6:24 ` seberino
2005-04-09 18:33 ` Grant Taylor
2005-04-10 3:23 ` seberino
2005-04-10 5:09 ` Grant Taylor
2005-04-10 3:54 ` seberino [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050410035403.GA20178@spawar.navy.mil \
--to=seberino@spawar.navy.mil \
--cc=gtaylor@riverviewtech.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox