14:29:04.190093 > 208.142.2.122.1030 > my.localhost.111: S 825202549:825202549(0) win
16384 (DF) (ttl 128, id 56544)
4500 0030 dce0 4000 8006 cbdd d08e 027a
xxxx xxxx 0406 006f 312f 9775 0000 0000
7002 4000 2450 0000 0204 05b4 0102 0403
14:29:04.210093 > 206.58.94.136.1243 > my.localhost.111: S 2834591913:2834591913(0)
win 16384 (DF) (ttl 128, id 9993)
4500 0030 2709 4000 8006 27fb ce3a 5e88
xxxx xxxx 04db 006f a8f4 70a9 0000 0000
7002 4000 78c7 0000 0204 05b4 0102 0403
14:29:04.230093 > 210.2.38.193.1165 > my.localhost.111: S 3280166353:3280166353(0)
win 16384 (DF) (ttl 128, id 50825)
4500 0030 c689 4000 8006 bc79 d202 26c1
xxxx xxxx 048d 006f c383 5dd1 0000 0000
7002 4000 a55d 0000 0204 05b4 0102 0403
14:29:04.250093 < 129.9.246.243.1025 > my.localhost.111: S 4076280583:4076280583(0)
win 16384 (DF) (ttl 128, id 27099)
4500 003069db 4000 8006 99ee 8109 f6f3
xxxx xxxx 0401 006f f2f7 1b07 0000 0000
7002 4000 3a06 0000 0204 05b4 0102 0403juno.c'nin tcpdump analizi
securityfocus'da mevcut. Isteyen girip inceleyebilir. Analizi yapan şahıs diyor ki ;
* Source IP addresses are random, as they are spoofed; ( Kaynak IP adresleri rastgele ve spooflanmış halde )
* Sequence Numbers (in bold) are random; and, ( dizin numaraları rastgele)
* Source ports are random as well. ( ve kaynak portları rastgele )
Pardon, portlar rastgele iken belirlediğiniz 2 portu kapamak tam olarak nasıl çözüm olabiliyor ?