hdmSECUREAUSTIN.COM

• Next message: Richard Sheng: "Trend Micro release patch for "OfficeScan DoS & Message Replay" V ulnerabilies"
• Previous message: Dan Harkless: "Re: Unexpected and dangerous AIX 4.X linker behavior"
• In reply to: Andrew van der Stock: "Advisory Update: ServerIron TCP/IP predictability fixed"
• Next in thread: Max Vision: "Re: Advisory Update: ServerIron TCP/IP predictability fixed"
• Reply: H D Moore: "Re: Advisory Update: ServerIron TCP/IP predictability fixed"
• Reply: Max Vision: "Re: Advisory Update: ServerIron TCP/IP predictability fixed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

BeOS 4.0 also has a shoddy tcp/ip stack which increases the ISS by 1 per
connection. This may been fixed by now, I haven't tested it in over a
year.

-HD

Andrew van der Stock wrote:
> The ISS is incremented by 1 for each connection, and is thus easily
> spoofable and hijackable. The predictability exposes sideband information
> about when the switch is being used by other (possibly legitimate) users.
>
> The hosts behind the switch are NOT affected by this issue. The faked IP
> addresses offer the predictability of the hosted platform (ie Linux 2.2.14
> == good luck!, Win9x == trivial joke).

• Next message: Richard Sheng: "Trend Micro release patch for "OfficeScan DoS & Message Replay" V ulnerabilies"
• Previous message: Dan Harkless: "Re: Unexpected and dangerous AIX 4.X linker behavior"
• In reply to: Andrew van der Stock: "Advisory Update: ServerIron TCP/IP predictability fixed"
• Next in thread: Max Vision: "Re: Advisory Update: ServerIron TCP/IP predictability fixed"
• Reply: H D Moore: "Re: Advisory Update: ServerIron TCP/IP predictability fixed"
• Reply: Max Vision: "Re: Advisory Update: ServerIron TCP/IP predictability fixed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]