On Thu, 13 Mar 2003, Rob Shein wrote: > I'd be careful and make sure, if I were you. I don't think that the worm is > stateless, as it wouldn't be able to spread if it just sent data over TCP > without establishing the handshake first. When you just PSH without > handshaking first, your data gets rejected. some time ago it turned out that IIS accepts HTTP requests without TCP handshake in order to "improve" speed of transmission....(yuck!) - I heard that MSIE 'exploits' this and therefore it is faster in some benchmarks...... -- Micha? `Rogal` Rogala rogalaat_private GG:#5302321 "To nie ZUS, tu nie ma miejsca na bledy" ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 14:39:11 PST