[Snort-users] Snort and Random ACK Scans

Fyodor fyodor at ...306...
Fri Aug 11 17:35:49 EDT 2000


On Fri, 11 Aug 2000, Daniel van Balen wrote:

> I't seems like a dead giveaway
> that someone is scaning you. The same seems to hapen with Syn scans. Should or
> could a natural non-scan Syn packet have a ack field of anything but 0?

Yeah.  The 2nd part of TCP connection establishment is SYN/ACK .

Cheers,
-F





More information about the Snort-users mailing list