|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Crist Clark (crist.clark
globalstar.com)Date: Fri May 11 2001 - 12:58:31 CDT
Denis Ducamp wrote:
[snip]
> Now some systems protects against been used to spoof-scan :
[snip]
> . Linux 2.4.x : IPID is null if the packet is small enought to be carried
> unfragmented in which case the DF (don't fragment) bit is set
> . others perhaps ?
Ah-ha!!! So that might be the cause of those bizarre signatures I have
been seeing. Can anyone point me to documentation of this
Linux-IP-stack-of-the-week feature? Would this and ECN (what looks to
me like broken ECN) account for,
http://www.securityfocus.com/archive/75/178231
-- Crist J. Clark Network Security Engineer crist.clarkThe information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]