Re: rst-scan for portmap?

From: Tim Haynes (usenet@stirfried.vegetable.org.uk)
Date: 02/21/02


From: Tim Haynes <usenet@stirfried.vegetable.org.uk>
Date: Thu, 21 Feb 2002 16:47:10 +0000

RainbowHat <nHiATlE@blSackholeP.mAit.edMu.invalid> writes:

[snip]
>> 1 tcp 210.178.12.111:38507 -> mybox 111 ---r--
>>
>>Just the solitary RST packet, to both boxes, from the same source machine &
>>port#, to my port 111.
>>
>>Combining port-scanning and OS fingerprinting, are they now? Bastards.

> <perhaps>
> I guess this is inverse mapping (inverse scanning). The probers are
> wanting to know the structure of your network. Are you still seeing this
> type of probe from other IPs a few times per day or per week? If so,
> maybe these are slow coordinated scans.
> </perhaps>

"Inverse"?

Well I've not noticed anything since then, so I guess the failure to
respond when tickled has saved my machine(s)[0].

[0] One is mine, one was my company's, so under my jurisdiction until my
last day, last Thursday. I've now only got the one box in the rack/subnet
in question ;)

~Tim

-- 
It's enough that I can see the morning      |piglet@stirfried.vegetable.org.uk
In miracles much more than I can say        |http://spodzone.org.uk/
It's enough to keep me still believing      |
In drifting hearts so far away              |

