[Snort-users] SYNFIN Scan?
paul at ...26...
Tue Jul 18 10:59:13 EDT 2000
"Mark E. Drummond" wrote:
> What the heck is a SYNFIN scan? I am familiar with SYN scans, FIN scans,
> NULL, Xmas .... but SYNFIN? Is there any particular purpose to this type
> of scan? Is it just single packets with both SYN & FIN flag set
It is a single packet with both SYN & FIN flags set.
Some stacks (some Linux versions) will reply with SYN/FIN/ACK on a
listening port while others respond with RST/ACK and all stacks (anybody
have any exceptions?) reply with a RST/ACK on a closed port. Some older
NIDS and firewalls didn't handle/log these packets properly but it isn't
very stealthy any more.
More information about the Snort-users