Home page logo

bugtraq logo Bugtraq mailing list archives

Re: unused bit attack alert
From: fygrave () EPR0 ORG (CyberPsychotic)
Date: Wed, 23 Feb 2000 08:34:39 +0500

On Mon, 21 Feb 2000 out of nowhere LigerTeam spoke:

~:The flag value Each  one correspond to 1 bit,
~:but it have unused 2 bit.
~:Understanding of the very problem is simple.

not new. These bits have been already used by queso fingerprints while ago
(`f' type of packet). Whether these bits are considered or ignored also
apparently depends on the tcp-stack implementation. (linux vs. MacOS f.e)

~:When the flags variable in tcp header is adjusted
~:totally with given value,
~:higher two bit(unused bit) must be cleared
~:and set at 0.

wouldn't agree. By rfc two higher bits here are considered `reserved' and
should be set to `0'. Having seen these bits being set to `1' is already a
good indication of hostile activity or broken hardware in your network, so
you should be able to spot these packets too.

     Key fingerprint = 4422 16FC 3C7D E10A B044  CA4F 2BE0 3943 9758 9324

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]