RE: tcp overlap

["Umesh Shankar" <ushankar () cs berkeley edu>]

In our (mine and Vern Paxson's) work on Active Mapping, we gathered results
on TCP overlap (among other things) across a wide variety of OSes. 

An explanation of the policies and their observed values can be found in:
http://www.cs.berkeley.edu/%7Eushankar/research/active/activemap.pdf (I
believe there were at least 3 policies). 

Umesh

> -----Original Message-----
> From: Rob Shein [mailto:shoten () starpower net]
> Sent: Tuesday, January 28, 2003 10:31 AM
> To: 'fr0ck9'; focus-ids () securityfocus com
> Subject: RE: tcp overlap
>
> Why not test it?  Use fragroute, that'll give you a number of options to
> try
> it out for yourself in a lab environment :)
>
> > -----Original Message-----
> > From: fr0ck9 [mailto:fr0ck9 () yahoo com]
> > Sent: Monday, January 13, 2003 2:17 PM
> > To: focus-ids () securityfocus com
> > Subject: Re: tcp overlap
> >
> >
> > I know Thomas Ptacek from Secure Networks documented
> > some findings that when an overlap occurs that the
> > following list of OS respond accordingly.  Has anyone
> > else verified this or have any insight?
> >
> > I did notice a posting on a mail list server that said
> > Ptacek's findings were inaccurate, but was unable to
> > find any other published data on the topic.
> >
> > NT and Solaris favor OLD data when an overlap occurs.
> >
> > HPUX, Linux, and BSD which favor NEW when it is a
> > forward overlap (otherwise they favor OLD).
> >
> > thanks.
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com