IDS mailing list archives

Re: tcp overlap

From: Jon Gary <fireball () skylab org>
Date: Wed, 15 Jan 2003 12:46:49 -0800 (PST)

I'm not too sure how accurate his data is, but I can tell you that not all
versions of NT respond the same.  Among windows versions, some prefer old
data, and other prefer new data, sometimes depending on service pack
level.  Most still prefer old data, if memory serves, but some
configurations of the server OSs prefer new data.

To be fair to Ptacek, his findings were mad long enough ago that this
probably wasn't the case then.

-Jon Gary

On Mon, 13 Jan 2003, fr0ck9 wrote:

I know Thomas Ptacek from Secure Networks documented
some findings that when an overlap occurs that the
following list of OS respond accordingly.  Has anyone
else verified this or have any insight?

I did notice a posting on a mail list server that said
Ptacek's findings were inaccurate, but was unable to
find any other published data on the topic.

NT and Solaris favor OLD data when an overlap occurs.

HPUX, Linux, and BSD which favor NEW when it is a
forward overlap (otherwise they favor OLD).

thanks.

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Current thread:

Re: tcp overlap fr0ck9 (Jan 15)
- Re: tcp overlap Jon Gary (Jan 16)
- Re: tcp overlap Thomas H. Ptacek (Jan 20)
- RE: tcp overlap Rob Shein (Jan 28)
  - RE: tcp overlap Umesh Shankar (Jan 29)
  - IDS security testing training Pete Herzog (Jan 29)