Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: unused bit attack alert
From: MDARGOS () SANTANDERSUPERNET COM (Carlos García Argos)
Date: Tue, 22 Feb 2000 16:49:04 +0100


LigerTeam wrote:

  "unused bit attack"

 Our Team discovered one problem,
 in some case  it's simple,
but it could be serious problem of security
in the programming related with tcp/ip.

In fact, TCP header is 6 kinds  of
tcp  flag (SYN, ACK,  PSH, RST, FIN,  URG).

problem is the flag value in TCP header
approaches to 1byte variable of u_char type.
ex)see tcp.h file

The flag value Each  one correspond to 1 bit,
but it have unused 2 bit.

|unused|unused|URG|ACK|PSH|RST|SYN|FIN|

Those 2 unused bit are exactly those QueSO uses to detect an Operating
System, since there's no specified response to a TCP packet with those
bit on, it depends on the kind of tcp/ip stack the OS uses. More
information on http://apostols.org/projectz/queso/

--
---------------------------- <BoKeRoN> -------------------------------
-- <   Carlos García Argos - Estudiante de Ing. Telecomunicación  > --
-- <  SuSE LiNUX 6.2 kernel 2.2.12 - Socio de LiMA (LiNUX Málaga) > --
-- <          Usuario de LiNUX registrado número 160070           > --
-- <    IRC: @#malaga @#telecos_malaga @#linux-malaga @#teleco    > --
-- <  http://pagina.de/telecos_malaga >--< http://fly.to/bokeron  > --
-- <            FidoNet: 2:345/430.25 (Brother BBS)               > --
----------------------------------------------------------------------



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault