RE: CodeRed Observations.

From: Rob McCauley (robmccauat_private)
Date: Thu Mar 13 2003 - 10:35:57 PST


    On Thu, 13 Mar 2003, Rob Shein wrote:
    
    > I'd be careful and make sure, if I were you.  I don't think that the worm is
    > stateless, as it wouldn't be able to spread if it just sent data over TCP
    > without establishing the handshake first.  When you just PSH without
    > handshaking first, your data gets rejected.
    
    A claim has been made that IE, IIS, and at least some flavors of Windows 
    don't work like that.  http://grotto11.com/blog/?+1039831658.  I don't
    have time to verify the claim, but if it's true a worm spreading without
    the expected TCP handshake might well be possible.
    
    Rob
    
    -- 
    ------------------------------------------------------------------------------
    Rob McCauley
    Radiation Oncology
    Duke University Medical Center
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 14:41:33 PST