IDS mailing list archives
Re: tcp overlap
From: Jon Gary <fireball () skylab org>
Date: Wed, 15 Jan 2003 12:46:49 -0800 (PST)
I'm not too sure how accurate his data is, but I can tell you that not all versions of NT respond the same. Among windows versions, some prefer old data, and other prefer new data, sometimes depending on service pack level. Most still prefer old data, if memory serves, but some configurations of the server OSs prefer new data. To be fair to Ptacek, his findings were mad long enough ago that this probably wasn't the case then. -Jon Gary On Mon, 13 Jan 2003, fr0ck9 wrote:
I know Thomas Ptacek from Secure Networks documented some findings that when an overlap occurs that the following list of OS respond accordingly. Has anyone else verified this or have any insight? I did notice a posting on a mail list server that said Ptacek's findings were inaccurate, but was unable to find any other published data on the topic. NT and Solaris favor OLD data when an overlap occurs. HPUX, Linux, and BSD which favor NEW when it is a forward overlap (otherwise they favor OLD). thanks. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Current thread:
- Re: tcp overlap fr0ck9 (Jan 15)
- Re: tcp overlap Jon Gary (Jan 16)
- Re: tcp overlap Thomas H. Ptacek (Jan 20)
- RE: tcp overlap Rob Shein (Jan 28)
- RE: tcp overlap Umesh Shankar (Jan 29)
- IDS security testing training Pete Herzog (Jan 29)