Obscure way, haha
I do not know how obscure this is, but everything indicates that, according to the RFC, unsolicited packets should be answered with a TCP ACK (connection refused), which can be (and is) "abused" by programs that do network scans, known as SYN scans. They start a TCP RST but do not finish it - they only parse the handshake response.
There are a number of these; one of them is Microsoft's own, and it is called psping.
Using the following .bat:
@echo off
REM Walk the last octet 1..255 and try a TCP connect to port 3389 on each host
REM (-n 2: two connection attempts per host; %%a is the loop variable inside a .bat)
for /L %%a in (1,1,255) do (
    psping -n 2 192.168.10.%%a:3389
)
Note the port used on the host, 3389 (Remote Desktop) - I got responses from Windows and Mac machines both with the service enabled and with it disabled.
TCP connect to 192.168.20.26:3389:
3 iterations (warmup 1) ping test:
Connecting to 192.168.20.26:3389 (warmup): from 0.0.0.0:63028:
The remote computer refused the network connection.
In this case, if the computer is refusing the connection, we can assume that it exists... xD
And in the case of this old friend of mine, who blocks ICMP:
Pinging 192.168.10.200 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
He did not expect this:
PsPing v2.10 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
TCP connect to 192.168.10.200:3389:
11 iterations (warmup 1) ping test:
Connecting to 192.168.10.200:3389 (warmup): from 192.168.10.192:63049: 0.64ms
Connecting to 192.168.10.200:3389: from 192.168.10.192:63050: 0.47ms
Connecting to 192.168.10.200:3389: from 192.168.10.192:63051: 0.54ms
Connecting to 192.168.10.200:3389: from 192.168.10.192:63052: 0.53ms
Connecting to 192.168.10.200:3389: from 192.168.10.192:63053: 0.54ms
Connecting to 192.168.10.200:3389: from 192.168.10.192:63054: 0.53ms
This technique will obviously not always work, and it is possible to test other ports (I have not been particularly lucky with them), but let's say that the SYN scans have ... ;)
Sources:
ping alternative for tcp #
26.05.2017 / 22:45
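The answer above shows the defender's problem from the other side: dropping ICMP does not hide a host, because a refused TCP connection (the RST for a closed port) still reveals that something is there. What a defender can do is notice the pattern the .bat produces, one source touching the same port on many hosts in a short time. The script below is an added example and is not part of the original post or of the psping tool; it parses constructed connection-log lines laid out in the Windows Firewall pfirewall.log field order (date, time, action, protocol, source, destination, source port, destination port) and flags a source that reaches a threshold of distinct destination hosts on one port inside a sliding time window. The sample lines, the window size and the threshold are assumptions chosen for the example.

```python
"""Detect a horizontal TCP connect sweep (one source, one port, many hosts).

Added example; not from the original post. Input lines follow the Windows
Firewall pfirewall.log field order, but the lines themselves are constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 192.168.10.192 sweeps port 3389 across ten hosts in
# a few seconds (the pattern the .bat in the post produces), while
# 192.168.10.50 is ordinary traffic. A DROP line still counts as an attempt:
# whether the target answered with RST or the packet was dropped, the probe
# was made.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2017-05-26 22:45:00 ALLOW TCP 192.168.10.192 192.168.10.1 63028 3389 - - - - - - - SEND
2017-05-26 22:45:00 ALLOW TCP 192.168.10.192 192.168.10.2 63029 3389 - - - - - - - SEND
2017-05-26 22:45:01 DROP TCP 192.168.10.192 192.168.10.3 63030 3389 - - - - - - - SEND
2017-05-26 22:45:01 ALLOW TCP 192.168.10.192 192.168.10.4 63031 3389 - - - - - - - SEND
2017-05-26 22:45:02 ALLOW TCP 192.168.10.192 192.168.10.5 63032 3389 - - - - - - - SEND
2017-05-26 22:45:02 ALLOW TCP 192.168.10.192 192.168.10.6 63033 3389 - - - - - - - SEND
2017-05-26 22:45:03 ALLOW TCP 192.168.10.192 192.168.10.7 63034 3389 - - - - - - - SEND
2017-05-26 22:45:03 ALLOW TCP 192.168.10.192 192.168.10.8 63035 3389 - - - - - - - SEND
2017-05-26 22:45:03 ALLOW TCP 192.168.10.192 192.168.10.9 63036 3389 - - - - - - - SEND
2017-05-26 22:45:04 ALLOW TCP 192.168.10.192 192.168.10.10 63037 3389 - - - - - - - SEND
2017-05-26 22:45:05 ALLOW TCP 192.168.10.50 192.168.10.200 51000 3389 - - - - - - - SEND
2017-05-26 22:45:09 ALLOW TCP 192.168.10.50 192.168.10.200 51001 3389 - - - - - - - SEND
2017-05-26 22:45:10 ALLOW TCP 192.168.10.50 192.168.10.1 51002 443 - - - - - - - SEND
"""


def parse_line(line):
    """Return a dict for one log line, or None for headers/blank/malformed lines."""
    if not line.strip() or line.startswith("#"):
        return None
    f = line.split()
    if len(f) < 8:
        return None
    try:
        ts = datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S")
        return {"ts": ts, "action": f[2], "proto": f[3], "src": f[4],
                "dst": f[5], "sport": int(f[6]), "dport": int(f[7])}
    except ValueError:
        return None


def find_sweeps(log_text, window_seconds=10, min_hosts=8):
    """Flag (source, destination port) pairs that touch at least `min_hosts`
    distinct destination hosts within any `window_seconds` sliding window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["proto"] == "TCP":
            events[(ev["src"], ev["dport"])].append((ev["ts"], ev["dst"]))

    window = timedelta(seconds=window_seconds)
    alerts = []
    for (src, dport), evs in events.items():
        evs.sort()
        in_window = Counter()  # distinct destination hosts inside the current window
        head = 0
        peak, peak_span = 0, None
        for ts, dst in evs:
            in_window[dst] += 1
            # Slide the window start forward past events older than the window.
            while ts - evs[head][0] > window:
                old_dst = evs[head][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                head += 1
            if len(in_window) > peak:
                peak, peak_span = len(in_window), (evs[head][0], ts)
        if peak >= min_hosts:
            alerts.append({"src": src, "dport": dport, "distinct_hosts": peak,
                           "first": peak_span[0], "last": peak_span[1]})
    return alerts


if __name__ == "__main__":
    for a in find_sweeps(SAMPLE_LOG):
        print(f"sweep: {a['src']} -> port {a['dport']} on {a['distinct_hosts']} hosts "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

The threshold and window are the tuning knobs: on a flat /24 a single source reaching eight or more distinct hosts on the same port within ten seconds is rarely legitimate, while a monitoring server or a jump host that really does connect to many machines on 3389 needs an allow-list so it does not fire the rule on every check cycle.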