LigerTeam wrote: > "unused bit attack" > > Our Team discovered one problem, > in some case it's simple, > but it could be serious problem of security > in the programming related with tcp/ip. > > In fact, TCP header is 6 kinds of > tcp flag (SYN, ACK, PSH, RST, FIN, URG). > > problem is the flag value in TCP header > approaches to 1byte variable of u_char type. > ex)see tcp.h file > > The flag value Each one correspond to 1 bit, > but it have unused 2 bit. > > |unused|unused|URG|ACK|PSH|RST|SYN|FIN| Those 2 unused bit are exactly those QueSO uses to detect an Operating System, since there's no specified response to a TCP packet with those bit on, it depends on the kind of tcp/ip stack the OS uses. More information on http://apostols.org/projectz/queso/ -- ---------------------------- <BoKeRoN> ------------------------------- -- < Carlos García Argos - Estudiante de Ing. Telecomunicación > -- -- < SuSE LiNUX 6.2 kernel 2.2.12 - Socio de LiMA (LiNUX Málaga) > -- -- < Usuario de LiNUX registrado número 160070 > -- -- < IRC: @#malaga @#telecos_malaga @#linux-malaga @#teleco > -- -- < http://pagina.de/telecos_malaga >--< http://fly.to/bokeron > -- -- < FidoNet: 2:345/430.25 (Brother BBS) > -- ----------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:35 PDT