stopping "nack" `stealth' scanning.

From: Darren Reed (avalonat_private)
Date: Fri Sep 18 1998 - 22:40:19 PDT

Next message: bobk: "Re: Incorrect Linux ARP behavior"

Previous message: pedwardat_private: "Re: Incorrect Linux ARP behavior"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

One of the other ways to stealth scan is observing which ports no
reply is received for.  This patch causes RST's to be generated when
sending (for example) a FIN to a listening socket, the same as in all
other occasions.  Patch provided by mycroft.

Darren


*** tcp_input.c.orig    Sat Sep 19 14:52:06 1998
--- tcp_input.c Sat Sep 19 14:24:22 1998
***************
*** 618,624 ****
                                                tiwin <<= tp->snd_scale;
                                                goto after_listen;
                                        }
!                               }
                        } else {
                                /*
                                 * Received a SYN.
--- 618,625 ----
                                                tiwin <<= tp->snd_scale;
                                                goto after_listen;
                                        }
!                               } else
!                                       goto badsyn;
                        } else {
                                /*
                                 * Received a SYN.

Next message: bobk: "Re: Incorrect Linux ARP behavior"
Previous message: pedwardat_private: "Re: Incorrect Linux ARP behavior"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:51 PDT