RST's and ACK's and stealth scans

From: HSKarim (HSKarimat_private)
Date: Sat May 02 1998 - 12:02:56 PDT

  • Next message: Steve Bellovin: "Re: RST's and ACK's and stealth scans"

    Quick questions about TCP/IP traffic
    1. What does it mean when I see a Reset accompanied with an ACK?
    That is... someone told me that if I see a packet that only has the RESET flag
    set, this means that the connection was terminated (Or not allowed to
    But, they said, If I see a packet that contains a RESET with the ACK bit set
    then although the connection was refused, this is evidence that some service
    was at least listening enoguh to Acknowlege.
    2. Can I assume that when My firewall sends RST that the packet reveals
    nothing more than the fact that the connection was refused,whether the ACK bit
    is set or not?
    3. If RST was sent and window size is 0 (ACK or no ACK) I conclude that my
    firewall really does not want to talk... Is this a correct conclusion?

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:18 PDT