('binary' encoding is not supported, stored as-is) In-Reply-To: <008d01c3371a$fd5417d0$be01a8c0@ian> Say, could you explain a little further on the paragraph that reads: "The trojan appears to contain some functionality to change the IP address it delivers its packet captures to, but this functionality is not operational in the trojan we have obtained. It appears the stubbed out code, if activated, would function as follows: If a packet is captured that contains a window size of 55808 and a TCP option window scale of 2, the trojan modifies the IP address packet captures are delivered to based on the sequence number of that packet." Specifically what effect would this have if it were to be made operational. I'm not really a tcp pro but I am interested in what this thing might look like in the near future. much appreciated. ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Jun 23 2003 - 20:24:18 PDT