On Friday 05 May 2006 at 12:33 -0400, Tim wrote:
> Sorry, I'm having difficulty following some of the details of your
> results. Are you using the Windows machines as the idle hosts only, or
> is the Ubuntu box also being used as an idle host in some
> configurations?

As the standard 2.4/2.6 kernel behaviour is to set the DF flag to 1 and the IPID to 0, it's a very bad candidate for an idle host. And sadly, it's no news that Windows boxes are prone to idle scanning because they have an incremental IPID generator...

--
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
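
The distinction drawn in the reply above, as an added example that is not part of the original post: a Python check for auditing your own hosts, which classifies the (DF flag, IP ID) pairs seen in a host's replies as the DF=1/IPID=0 pattern or as an incremental counter. The function names, the `max_step` tolerance and the sample values are assumptions constructed for illustration.

```python
from typing import List, Tuple

# One observed reply: (DF flag set?, 16-bit IP ID field)
Sample = Tuple[bool, int]

def classify_ipid(samples: List[Sample], max_step: int = 64) -> str:
    """Return 'zero-df', 'constant', 'incremental' or 'non-sequential'.

    max_step (assumed tolerance) allows for packets the host sent to
    other peers between two of our observations.
    """
    if len(samples) < 3:
        raise ValueError("need at least 3 samples to judge a sequence")
    ids = [ipid & 0xFFFF for _, ipid in samples]
    # Pattern the post attributes to standard 2.4/2.6 kernels: DF=1, IPID=0.
    if all(df for df, _ in samples) and all(i == 0 for i in ids):
        return "zero-df"
    if len(set(ids)) == 1:
        return "constant"
    # Differences modulo 2^16 so counter wrap-around (65535 -> 0) is handled.
    steps = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    if all(0 < s <= max_step for s in steps):
        return "incremental"
    return "non-sequential"

def usable_as_idle_host(samples: List[Sample]) -> bool:
    """True when the IP ID sequence is predictable enough to leak state."""
    return classify_ipid(samples) == "incremental"

# Constructed sample observations (not captured from any real host).
LINUX_LIKE = [(True, 0), (True, 0), (True, 0), (True, 0)]
WINDOWS_LIKE = [(False, 65533), (False, 65534), (False, 65535),
                (False, 0), (False, 2)]  # wraps past 65535
RANDOMISED = [(False, 0x1A2B), (False, 0x9F01), (False, 0x0033),
              (False, 0xC4D0)]

if __name__ == "__main__":
    for name, obs in [("linux-like", LINUX_LIKE),
                      ("windows-like", WINDOWS_LIKE),
                      ("randomised", RANDOMISED)]:
        print(name, classify_ipid(obs), usable_as_idle_host(obs))
```
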