LigerTeam wrote:
> "unused bit attack"
>
> Our team discovered a problem.
> In some cases it's simple,
> but it could be a serious security problem
> in programming related to TCP/IP.
>
> In fact, the TCP header has 6 kinds of
> TCP flag (SYN, ACK, PSH, RST, FIN, URG).
>
> The problem is the flag value in the TCP header
> approaches to a 1-byte variable of u_char type.
> ex) see the tcp.h file
>
> Each flag value corresponds to 1 bit,
> but there are 2 unused bits.
>
> |unused|unused|URG|ACK|PSH|RST|SYN|FIN|
Those 2 unused bits are exactly the ones QueSO uses to detect an operating
system: since there's no specified response to a TCP packet with those
bits on, it depends on the kind of TCP/IP stack the OS uses. More
information at http://apostols.org/projectz/queso/
--
---------------------------- <BoKeRoN> -------------------------------
-- < Carlos García Argos - Telecommunications Engineering student > --
-- < SuSE LiNUX 6.2 kernel 2.2.12 - Member of LiMA (LiNUX Málaga) > --
-- < Registered LiNUX user number 160070 > --
-- < IRC: @#malaga @#telecos_malaga @#linux-malaga @#teleco > --
-- < http://pagina.de/telecos_malaga >--< http://fly.to/bokeron > --
-- < FidoNet: 2:345/430.25 (Brother BBS) > --
----------------------------------------------------------------------
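
An added example, not part of either message: a C check that a packet logger or sensor could apply to the flag byte laid out in the quoted diagram, reporting segments whose two upper bits are set. It goes beyond the thread in one respect: RFC 3168 later assigned those bits as CWR (0x80) and ECE (0x40), so the code separates the ECN-setup patterns from other uses; the function, enum and sample names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Flag masks for byte 13 of the TCP header, same bit order as the diagram. */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_UNUSED_LO 0x40 /* "unused" in the post; ECE since RFC 3168 */
#define TH_UNUSED_HI 0x80 /* "unused" in the post; CWR since RFC 3168 */
#define TH_UNUSED (TH_UNUSED_LO | TH_UNUSED_HI)

enum hi_bits_verdict {               /* hypothetical names for this example */
    HI_TRUNCATED = -1,      /* fewer than 20 bytes: no flag byte to trust */
    HI_CLEAR = 0,           /* both upper bits are zero */
    HI_ECN_SETUP = 1,       /* SYN or SYN-ACK with the RFC 3168 setup pattern */
    HI_UNEXPECTED_SYN = 2,  /* SYN or SYN-ACK with any other upper-bit pattern */
    HI_SET_OTHER = 3        /* upper bits set on a non-SYN segment */
};

/* Return the raw flag byte of a TCP header, or -1 if the header is too short. */
int tcp_flag_byte(const uint8_t *tcp, size_t len)
{
    return (tcp == NULL || len < 20) ? -1 : tcp[13];
}

/* Classify how the two upper flag bits are used in one TCP segment. */
enum hi_bits_verdict classify_upper_bits(const uint8_t *tcp, size_t len)
{
    int f = tcp_flag_byte(tcp, len);
    if (f < 0) return HI_TRUNCATED;
    int hi = f & TH_UNUSED;
    if (hi == 0) return HI_CLEAR;
    if (f & TH_SYN) {
        /* RFC 3168: a SYN carries both bits, a SYN-ACK only 0x40. */
        int want = (f & TH_ACK) ? TH_UNUSED_LO : TH_UNUSED;
        if (!(f & (TH_RST | TH_FIN)) && hi == want) return HI_ECN_SETUP;
        return HI_UNEXPECTED_SYN;
    }
    return HI_SET_OTHER;
}

/* Constructed sample: 20-byte header, SYN plus both upper bits (0xC2). */
const uint8_t sample_syn_hi[20] = {
    0x04,0xd2, 0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50, 0xC2, 0x20,0x00, 0,0, 0,0
};
```
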