Some ideas:

--snip--
> of all, if it actually works like this (and IE works like stated in article Rob
> posted), then that means that Windows' TCP/IP *STACK* is really broken.
> Basically, this has nothing to do with IIS because IIS, as any other service,
> just binds socket and waits for incoming data. TCP/IP stack is the one that
> processes all incoming/outgoing traffic and delivers data to the application.
> Remember that TCP packets are on the transport layer (or host level if you
> prefer protocol relationships) and that actual HTTP data belongs to the
> application layer (the OSI model). So, TCP/IP stack on the machine receiving
> packet like that should send back RST - no way that packet should be processed
> and delivered to application (if that is the case spoofing becomes extremely
> easy).
>
--snip--

I'm no NT expert, but couldn't IIS be using raw sockets? If so, this would
circumvent the OS IP stack and IIS could choose not to follow a standard TCP
three-way handshake.

Andrew
This archive was generated by hypermail 2b30 : Sun Mar 16 2003 - 21:50:54 PST