Bugtraq: Security hole in Linux TCP stack (2.1.53 and all the rest)

Security hole in Linux TCP stack (2.1.53 and all the rest)

From: Superuser <root_at_IO.STARGATE.CO.UK>
Date: Sun, 7 Sep 1997 16:00:59 +0059

Inspired by an article in phrack that checked for ports by using bugs
1) Send an ACK and FIN packet. If you get an RST the port is not listening
2) Send an ACK and check the RST for ttl decrease or window expansion (either
means listening)

I discovered another bug. If you send a packet with FIN but not ACK set then
Linux will discard the packet if the port is listening and send RST if not.
This allows "stealth" port scanning... not good. May I suggest anyone who
sends a packet with ACK set to a listening socket gets an RST and a free
entry in the system log, complete with their IP address for convenient emailing
of their ISP if they send a lot.

Duncan (-:
Received on Sep 08 1997
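An added example, not part of Duncan's post, showing the logging idea from a defender's side: a small offline detector over constructed packet summaries (source IP, destination port, TCP flags) that flags FIN-without-ACK segments, which no legitimate connection ever sends, and bare ACK segments that match no handshake the host has seen. The sample packets and the `classify`/`detect_probes` names are assumptions for illustration.

```python
# Added example (not from the original post). Every TCP segment after the
# initial SYN carries ACK, so FIN-without-ACK is always a probe; on Linux a
# listening port silently discards it while a closed port answers RST, which
# is exactly what the scanner relies on. A bare ACK with no prior handshake
# is the other probe the post suggests logging.
from collections import Counter

# Constructed sample input: (src_ip, dst_port, flags) as a sniffer or
# firewall log might summarise segments arriving at this host.
SAMPLE_PACKETS = [
    ("192.0.2.10", 22, {"FIN"}),            # FIN-only probes, no ACK bit
    ("192.0.2.10", 25, {"FIN"}),
    ("192.0.2.10", 80, {"FIN"}),
    ("192.0.2.10", 139, {"FIN"}),
    ("198.51.100.7", 80, {"SYN"}),          # normal connection attempt
    ("198.51.100.7", 80, {"ACK"}),          # handshake completion
    ("198.51.100.7", 80, {"FIN", "ACK"}),   # normal close
    ("203.0.113.5", 22, {"ACK"}),           # ACK with no handshake seen
]


def classify(src, port, flags, sessions):
    """Return 'fin-probe', 'ack-probe' or None; track SYNs in `sessions`."""
    if "SYN" in flags:
        sessions.add((src, port))           # handshake started: later ACKs are legit
        return None
    if "FIN" in flags and "ACK" not in flags:
        return "fin-probe"                  # never valid in a real connection
    if "ACK" in flags and (src, port) not in sessions:
        return "ack-probe"                  # ACK to a socket with no session: log it
    return None


def detect_probes(packets, threshold=3):
    """Count probe segments per source IP; return sources at/above threshold."""
    sessions = set()
    hits = Counter()
    for src, port, flags in packets:
        if classify(src, port, flags, sessions):
            hits[src] += 1
    return {src: n for src, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in detect_probes(SAMPLE_PACKETS).items():
        print(f"{src}: {n} probe segments, consider logging/notifying ISP")
```

The threshold keeps a single stray segment out of the report; a real deployment would key on the flags straight from the packet header rather than a pre-summarised list.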
