> LigerTeam, strongly propose inserting of > solution code before the computing of flag > variable. > > flag = flags & 0x3f; The more robust fix is to systematically test for TCP flags by masking to the value being tested. For example: #define TEST_FLAGS(flags, mask) (((flags) & (mask)) == (mask)) Otherwise you are still vulnerable to attackers setting legitimate flags in bogus combinations, such as adding URG to a SYN. Vern
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:39 PDT