On Sun, 21 Oct 2001, Fernando Gont wrote:
> >That's an old explanation; basically any OS released in the last few years > >will throw old/random connections out of the queue when it fills up. > > Anyway, I wonder how the old implementations behaved, and why they behaved > like that. I don't think it's worth worrying about how old implementations behaved at this point in time. They weren't designed for the hostile environment of today's internet, and have long since been replaced by newer stacks with better countermeasures. If you encounter an old system, it's probably better to start upgrading it to a newer version of whatever OS it runs than to analyze it. > >(I'm assuming that's how Mitnick did it; I'm not aware that > >he has revealed exactly how he did anything, > > He didn't do it. It was the owner of the attacked host that revealed it, in > a post to comp.security.misc. Maybe I'll look for it some day. In either case, it doesn't matter anymore. We're using strong sequence numbers, and ip-based authentication has many better replacements now. Mike "Silby" Silbersack To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message