Monday, August 3, 2015

Stimulus and response revisited

The information below represents some previous research I had completed. Recently I wanted to quickly see what the response should be for a certain packet and needed to revisit that document. As a result, I decided to simply have that information directly available, so I can get it quickly if needed.

Basically, the objective of this research was to see how Windows 2012 and CentOS 6.5 respond when a specific TCP packet is sent to it.


Stimulus
Response
Windows 2012Linux CentOS 6.5
80 (Listening)81 (Not listening)80 (Listening)81 (Not listening)
FINRST-ACKRST-ACKSilent DiscardRST-ACK
SYNSYN-ACKRST-ACKSYN-ACKRST-ACK
RSTSilent DiscardSilent DiscardSilent DiscardSilent Discard
ACKRSTRSTRSTRST
PSHRST-ACKRST-ACKSilent DiscardRST-ACK
URGRST-ACKRST-ACKSilent DiscardRST-ACK
FIN-SYNRST-ACKRST-ACKSilent DiscardRST-ACK
RST-PSHSilent DiscardSilent DiscardSilent DiscardSilent Discard
ACK-URGRSTRSTRSTRST
URG-FINRST-ACKRST-ACKSilent DiscardRST-ACK
URG-SYNSYN-ACKRST-ACKSYN-ACKRST-ACK
URG-RSTSilent DiscardSilent DiscardSilent DiscardSilent Discard
URG-PSHRST-ACKRST-ACKSilent DiscardRST-ACK
ACK-PSHRSTRSTRSTRST
ACK-RSTSilent DiscardSilent DiscardSilent DiscardSilent Discard
SYN-ACKRSTRSTRSTRST
FIN-ACKRSTRSTRSTRST
PSH-SYNSYN-ACKRSTSYN-ACKRST
PSH-FINRST-ACKRST-ACKSilent DiscardRST-ACK
RST-SYNSilent DiscardSilent DiscardSilent DiscardSilent Discard
RST-FINSilent DiscardSilent DiscardSilent DiscardSilent Discard
SYN-FINRST-ACKRST-ACKSilent DiscardRST-ACK
URG-ACK-PSHRSTRSTRSTRST
URG-ACK-RSTSilent DiscardSilent DiscardSilent DiscardSilent Discard
URG-ACK-SYNRSTRSTRSTRST
URG-ACK-FINRSTRSTRSTRST
FIN-SYN-RSTSilent DiscardSilent DiscardSilent DiscardSilent Discard
FIN-SYN-PSHRST-ACKRST-ACKSilent DiscardRST-ACK
FIN-SYN-ACKRSTRSTRSTRST
FIN-SYN-URGRST-ACKRST-ACKSilent DiscardRST-ACK
SYN-RST-PSHSilent DiscardSilent DiscardSilent DiscardSilent Discard
SYN-RST-ACKSilent DiscardSilent DiscardSilent DiscardSilent Discard
SYN-RST-URGSilent DiscardSilent DiscardSilent DiscardSilent Discard
PSH-RST-ACKSilent DiscardSilent DiscardSilent DiscardSilent Discard
PSH-ACK-SYNRSTRSTRSTRST
PSH-FIN-SYNRST-ACKRST-ACKSilent DiscardRST-ACK
PSH-RST-SYNSilent DiscardSilent DiscardSilent DiscardSilent Discard
RST-ACK-SYNSilent DiscardSilent DiscardSilent DiscardSilent Discard
RST-FIN-SYNSilent DiscardSilent DiscardSilent DiscardSilent Discard
RST-URG-FINSilent DiscardSilent DiscardSilent DiscardSilent Discard
RST-PSH-FINSilent DiscardSilent DiscardSilent DiscardSilent Discard
URG-ACK-PSH-RSTSilent DiscardSilent DiscardSilent DiscardSilent Discard
URG-ACK-PSH-SYNRSTRSTRSTRST
URG-ACK-PSH-FINRSTRSTRSTRST
ACK-PSH-RST-SYNSilent DiscardSilent DiscardSilent DiscardSilent Discard
ACK-PSH-RST-FINSilent DiscardSilent DiscardSilent DiscardSilent Discard
PSH-RST-SYN-FINSilent DiscardSilent DiscardSilent DiscardSilent Discard
URG-ACK-SYN-FINRSTRSTRSTRST
PSH-ACK-URG-FINRSTRSTRSTRST
URG-ACK-PSH-RST-SYNSilent DiscardSilent DiscardSilent DiscardSilent Discard
URG-ACK-PSH-RST-FINSilent DiscardSilent DiscardSilent DiscardSilent Discard
ACK-PSH-RST-SYN-FINSilent DiscardSilent DiscardSilent DiscardSilent Discard

Developed by Abdul Kittana and Nik Alleyne for securitynik.blogspot.ca




Blackhole





Identifies the same response





Identifes Difference in response for listening ports











Enjoy!





No comments:

Post a Comment