At 11:42 14/07/1999 +0000, Technical Incursion Countermeasures wrote:
>from the ISSALERT...
>
>"The format of the BO2k packets is
>
>[Length (4 bytes)][Data that is 'Length' long]
>
>By looking for a series of packets that contain a 4 byte length (in
>little-endian byte order), followed by that length of data, you can detect
>all BO2k packets, regardless of the encryption used. This format is used
>on both the TCP and UDP transports.

Just a thought, but, as BO2K will be released in source code, what prevents
a basically skilled user from modifying the packet format? Then, this modified
BO2K will not be recognized.

I'm also quite afraid that this basic encoding is used by other applications
as well...

Just my 0.01 EUR (which is nothing nowadays :-( )

-eric

Eric Vyncke                        
Consulting Engineer                Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: [EMAIL PROTECTED]          Mobile: +32-75-312.458
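
The length-prefix check from the quoted ISS alert, run against the two limits raised in the reply, as an added example (not part of the original message and not ISS's detection code). It assumes the length field counts only the bytes that follow it; the function names, the three-packet threshold, the size cap and every sample payload are constructed for illustration.

```python
import struct

MAX_LEN = 65535      # assumed sanity cap on a frame body
MIN_PACKETS = 3      # assumed size of "a series of packets"

def parse_frames(payload, max_len=MAX_LEN):
    """Return frame bodies if payload is exactly [u32 LE length][data]..., else None."""
    frames, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < 4:
            return None                      # truncated length field
        (length,) = struct.unpack_from("<I", payload, offset)
        offset += 4
        # Assumption: zero-length and oversized frames are treated as non-matching.
        if length == 0 or length > max_len or offset + length > len(payload):
            return None
        frames.append(payload[offset:offset + length])
        offset += length
    return frames or None

def flow_matches(payloads, min_packets=MIN_PACKETS):
    """True when every payload in the flow parses and there are enough of them."""
    return len(payloads) >= min_packets and all(parse_frames(p) for p in payloads)

def frame(body, fmt="<I"):
    """Prefix body with its length; fmt selects the byte order of the length."""
    return struct.pack(fmt, len(body)) + body

# Constructed sample flows (no real captures).
opaque = [bytes((i * 37 + n) % 256 for i in range(20 + n)) for n in range(3)]
FLOWS = {
    "length-prefixed, opaque bodies": [frame(b) for b in opaque],
    "same bodies, big-endian length": [frame(b, ">I") for b in opaque],
    "unrelated app, same framing": [frame(b"STATUS ok"), frame(b"PING"), frame(b"PONG")],
    "plain text protocol": [b"GET / HTTP/1.0\r\n\r\n"] * 3,
}

def classify(flows=FLOWS):
    """Map each sample flow name to whether the framing heuristic fires."""
    return {name: flow_matches(p) for name, p in flows.items()}

if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{'MATCH' if hit else 'no match':9} {name}")
```

The second flow shows the signature missing a variant whose only change is the byte order of the length field, and the third shows it firing on an unrelated application that happens to use the same framing.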