FingerPrint FreeBSD 2.2.5-STABLE
TSeq(Class=RI%gcd=2%SI=1826)
TSeq(Class=RI%gcd=2%SI=5F06)
TSeq(Class=RI%gcd=1%SI=5D9F)
T1(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=F%UCK=0%ULEN=134%DAT=E)
FingerPrint IRIX 6.5 IP30
TSeq(Class=TD%gcd=A0%SI=2B)
T1(Resp=Y%DF=N%W=C000%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=N%W=C000%ACK=O%Flags=A%Ops=NNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
It's odd that the 2.2.5-STABLE box wasn't caught by any of the
existing FreeBSD rules, but it looks like it handled the SYN packet
differently, at a minimum.
Last batch, I believe.
-Dave
--
work: danderse_at_cs.utah.edu me: angio_at_pobox.com
University of Utah http://www.angio.net/
Computer Science - Flux Research Group
Received on Dec 23 1998
Intro
