OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Corrections for "Using the Unused" and for "The DF Playground"
From: Ofir Arkin (ofiritcon-ltd.com)
Date: Wed Sep 13 2000 - 03:51:00 CDT

Apparently I had a mistake in my postings regarding OpenBSD.

As it turn out, OpenBSD DOES not set the DF on the replies and
DOES not echo the Reserved bit.

What this means is Solaris is the ONLY operating system to set
the DF bit on ICMP Query replies enabling us to identify it exclusively.

And Solaris and HPUX 11.0 are the ONLY operating systems to Echo
back the Reserved Bit.

Since Solaris sets the DF bit as well we can distinguish between
Sun Solaris Machines and HPUX 11.0 machines.

For all of you who wrote back to say that we can turn off replies
for various ICMP Queries with Solaris - PLEASE DO SO! This is the reason
for all this :)

I am sorry for the inconvenient and for the error.

Ofir Arkin [ofiritcon-ltd.com]
Senior Security Analyst
Chief of Grey Hats
ITcon, Israel.
http://www.itcon-ltd.com

Personal Web page: http://www.sys-security.com

"Opinions expressed do not necessarily
represent the views of my employer."
 

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-helpinsecure.org . List run by ezmlm-idx (www.ezmlm.org).