> LigerTeam, strongly propose inserting of
> solution code before the computing of flag
> variable.
>
> flag = flags & 0x3f;
The more robust fix is to systematically test for TCP flags by masking
to the value being tested. For example:
#define TEST_FLAGS(flags, mask) (((flags) & (mask)) == (mask))
Otherwise you are still vulnerable to attackers setting legitimate flags
in bogus combinations, such as adding URG to a SYN.
Vern
- unused bit attack alert LigerTeam
- Re: unused bit attack alert Jochen Bauer
- Re: unused bit attack alert Carlos García Argos
- Re: unused bit attack alert CyberPsychotic
- Re: unused bit attack alert Mullen, Patrick
- Re: unused bit attack alert Vern Paxson
- Re: unused bit attack alert antirez
- Re: unused bit attack alert Max Vision
- Re: unused bit attack alert Max Vision
