syn ??

  pete. 22:40 18 May 2003

can anybody tell what a syn port scan attack
is please pete.

  MartinT-B 22:46 18 May 2003

Is this from McAfee?

click here

  MartinT-B 22:47 18 May 2003

THat didn't work


mcaffee telling you that a syn scan is an attack is a little
premature, its an attempt to scan you to see what services you are
running, if this is only happening on one local port more than likely
you either have someone mass scaning looking for trojans or something
(no idea what runs on 64521) or just trying to make a simple
connection, as to what a syn scan is, well basically a tcp connection
has what they call a 3 way handshake- before a connection is actually
'connected', the first packet sent to a computer when you try to
initiate a connection is a syn packet, or a tcp packet with the syn
bit set- its more or less saying, hello i would like to make a
connection please, then the server that gets the connection request
replies in a variety of ways, by rfc ??1192?? i think (working from
memory here- the initial tcp rfc, i know there are several, oh well
side point) acording to the rfc's, a port that is closed should reply
with the error message 'port unreachable', meaning there is no service
there, an open port/a port with an active server listening on it, will
reply with a tcp packet with the syn and ack bits set, saying yes i
got your reques to connect, then your computer should reply with a tcp
packet with the ack bit set, telling the server you got its reply, to
be a little more technical window sizes and sequence numbers are
agreed upon at the same time this is all happening (through the same
packets), assuming all went well now the client and the server are
actually connected to each other and any authentication process's at
that level may proceed, or data may be read/written, so now that ive
veered of course a little what is a syn scan?
well in the oldER days, alot of firewalls only had the ability to
block connections once they were connected, or just block them all
together- additionally most programs that detected port scans didnt
detect these so called stealth port scans, or half open port scans,
because a full connection was never made, but you could tell if there
was something there or not because of how the server replied to the
syn scan. Basically this was a way to try and find out if any services
were running on a certain port.
chances are your firewall is just a little overzealous, but i would
have to know more specific info to be sure of that.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Honor 9 Lite review

18 Best Adult Colouring In Books 2018

HomePod review

Les meilleures séries Netflix (2018)