Subject: Re: UDP port scanning...
From: Rob Quinn (rquinnsec.sprint.net)
Date: Fri Feb 11 2000 - 06:29:35 CST
> - Kernel receives packet.
> - Kernel checks to see if packet is a SYN, if so it allows other
> existing items (such as ipfw, ipchains, tcp wrappers etc) to deal with it.
> - If not a SYN, it checks to see if it is a part of an existing
> conversation, and if it is, allows the packet (the state table).
> - If not a part of an existing conversation, drop the packet (and
> alternately log it).
What happens to a remote sender if your machine reboots during a TCP session?
131 ECONNRESET Connection reset by peer
A connection was forcibly closed by a peer. This
normally results from a loss of the connection on the
remote host due to a timeout or a reboot.
> I don't understand why the above four steps are not standard in all networked
> systems [...]
This could be suitable for a bastion host or firewall, but not a "standard
networked system". If some server of mine reboots or crashes, I want the
clients to know quickly so that they can start the recovery process ASAP,
instead of going through the TCP/IP timeout period.
--
Opinions are _mine_, facts are facts.
Rob Quinn
(703)689-6582
rquinnsec.sprint.net
Sprint Corporate Security
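
A toy model of the trade-off raised in this message, added as an example and not part of the original post: it applies the quoted four-step decision to a segment that arrives after the server has rebooted and lost its state table, and compares the client's outcome with a conventional stack that answers with RST. The addresses, retry count, initial retransmission timeout and the simplified handshake (state recorded on SYN) are constructed assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

class Host:
    """Toy receiver: models only the accept/reset/drop decision."""
    def __init__(self, drop_unknown):
        self.drop_unknown = drop_unknown  # True = the quoted four-step policy
        self.state = set()                # established connections

    def reboot(self):
        self.state.clear()                # the state table does not survive a reboot

    def receive(self, seg):
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.flags == {"SYN"}:          # packet filter rules assumed to allow it
            self.state.add(key)
            return "SYN-ACK"
        if key in self.state:             # part of an existing conversation
            return "ACCEPT"
        # Unknown non-SYN segment: a conventional stack answers RST,
        # the quoted policy drops it silently.
        return "DROP" if self.drop_unknown else "RST"

def client_outcome(host, retries=5, rto=1.0):
    """Return (client error, seconds waited) for a send after the server reboots."""
    syn = Segment("192.0.2.10", 40000, "192.0.2.1", 80, frozenset({"SYN"}))
    host.receive(syn)                     # connection set up before the reboot
    host.reboot()
    data = replace(syn, flags=frozenset({"ACK", "PSH"}))
    waited = 0.0
    for attempt in range(1 + retries):    # first send plus retransmissions
        reply = host.receive(data)
        if reply == "RST":
            return ("ECONNRESET", waited)
        if reply == "ACCEPT":
            return ("OK", waited)
        waited += rto * 2 ** attempt      # exponential backoff before retrying
    return ("ETIMEDOUT", waited)

if __name__ == "__main__":
    print("conventional stack:", client_outcome(Host(drop_unknown=False)))
    print("four-step policy:  ", client_outcome(Host(drop_unknown=True)))
```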