Bugtraq mailing list archives
Re: unused bit attack alert
From: fygrave () EPR0 ORG (CyberPsychotic)
Date: Wed, 23 Feb 2000 08:34:39 +0500
On Mon, 21 Feb 2000 out of nowhere LigerTeam spoke: ~:The flag value Each one correspond to 1 bit, ~:but it have unused 2 bit. ~: ~:|unused|unused|URG|ACK|PSH|RST|SYN|FIN| ~: ~:Understanding of the very problem is simple. not new. These bits have been already used by queso fingerprints while ago (`f' type of packet). Whether these bits are considered or ignored also apparently depends on the tcp-stack implementation. (linux vs. MacOS f.e) ~:When the flags variable in tcp header is adjusted ~:totally with given value, ~:higher two bit(unused bit) must be cleared ~:and set at 0. wouldn't agree. By rfc two higher bits here are considered `reserved' and should be set to `0'. Having seen these bits being set to `1' is already a good indication of hostile activity or broken hardware in your network, so you should be able to spot these packets too. -- Key fingerprint = 4422 16FC 3C7D E10A B044 CA4F 2BE0 3943 9758 9324 http://www.kalug.lug.net/fygrave/
Current thread:
- Re: flex license manager tempfile predictable name..., (continued)
- Re: flex license manager tempfile predictable name... Roelof JT Jonkman (Feb 22)
- Re: flex license manager tempfile predictable name... David Evans (Feb 23)
- FreeBSD Security Advisory: FreeBSD-SA-00:03.asmon Kris Kennaway (Feb 19)
- Re: cisco/ascend snmp config tool or exploit? -- Re: snmp problems still alive Michal Zalewski (Feb 20)
- Patch Available for "VM File Reading" Vulnerability Microsoft Product Security (Feb 19)
- Re: cisco/ascend snmp config tool or exploit? -- Re: snmp problems still alive Michal Zalewski (Feb 20)
- unused bit attack alert LigerTeam (Feb 21)
- A.L.E.R.T.: BigMailBox.com href tokens leave mailboxes open to control by a malicious site. Cancer Omega (Feb 21)
- Re: unused bit attack alert Jochen Bauer (Feb 22)
- Re: unused bit attack alert Carlos García Argos (Feb 22)
- Re: unused bit attack alert CyberPsychotic (Feb 22)
- Re: snmp problems still alive... Damir Rajnovic (Feb 17)