Greetings

Two completely unrelated questions:

1. If a machine is being SYN flooded, once the connection queue is filled, is it
   a) going to respond with RST,
   b) going to respond with ICMP Source Quench,
   c) not going to respond at all?

   The reason I am asking is that once in a while, I see packets with R and A bits set destined to a few hosts on my network that are silent. The only logical explanation is that their IPs are used in a spoofed flood attack, and the RSTACK are the residuals. Am I correct?

2. Is there an app that'll listen on assigned ports, complete the 3 way handshake, and log everything that's sent to it? I want to be able to log the various exploits without actually running the vulnerable services, so something that listens on port 111, or 53, or 21 and logs the connections would be great. Can netcat do this?

After this email, I am going to go play....

Thanks

-Gary-

Gary Portnoy
Network Administrator
gportnoyat_private
PGP Fingerprint: 9D69 6A39 642D 78FD 207C 307D B37D E01A 2E89 9D2C
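A sketch of the kind of listener the second question describes, added here as an example and not part of the original post: it accepts TCP connections on several ports, never replies, and logs each payload as one JSON line. The function names, the 4096-byte cap and the 5-second read timeout are assumptions chosen for illustration.

```python
import json, selectors, socket, threading, time

MAX_BYTES = 4096     # assumed per-connection cap so a sender cannot fill the log
READ_TIMEOUT = 5.0   # assumed seconds to wait for data before giving up

def open_listeners(ports, host="0.0.0.0"):
    """Bind one listening TCP socket per port; the kernel completes the handshake."""
    socks = []
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        s.listen(16)
        socks.append(s)
    return socks

def capture(conn, peer, dport):
    """Read what the peer sends, never reply or interpret it, return a log record."""
    conn.settimeout(READ_TIMEOUT)
    data = b""
    try:
        while len(data) < MAX_BYTES:
            chunk = conn.recv(MAX_BYTES - len(data))
            if not chunk:            # peer closed its side
                break
            data += chunk
    except OSError:                  # covers read timeouts and connection resets
        pass
    finally:
        conn.close()
    return {"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "src": peer[0], "sport": peer[1], "dport": dport,
            "len": len(data), "hex": data.hex()}

def serve(socks, log, stop):
    """Accept on every listener until stop is set; call log(record) per connection."""
    sel = selectors.DefaultSelector()
    for s in socks:
        sel.register(s, selectors.EVENT_READ)
    while not stop.is_set():
        for key, _ in sel.select(timeout=0.2):
            try:
                conn, peer = key.fileobj.accept()
            except OSError:          # connection vanished before accept()
                continue
            dport = key.fileobj.getsockname()[1]
            threading.Thread(target=lambda c=conn, p=peer, d=dport: log(capture(c, p, d)),
                             daemon=True).start()
    sel.close()

if __name__ == "__main__":
    # Ports named in the post; binding below 1024 usually needs elevated privileges.
    serve(open_listeners([21, 53, 111]), lambda r: print(json.dumps(r), flush=True),
          threading.Event())
```

Because the listener sends nothing, clients of server-speaks-first protocols such as FTP may wait for a banner and send no data, so the record will show a connection with an empty payload.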
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 08:26:42 PDT