Bugtraq mailing list archives
Security hole in Linux TCP stack (2.1.53 and all the rest)
From: root () IO STARGATE CO UK (Superuser)
Date: Sun, 7 Sep 1997 16:00:59 +0059
Inspired by an article in Phrack that checked for ports by using bugs:

1) Send an ACK and FIN packet. If you get an RST the port is not listening.
2) Send an ACK and check the RST for TTL decrease or window expansion (either means listening).

I discovered another bug. If you send a packet with FIN but not ACK set then Linux will discard the packet if the port is listening and send RST if not. This allows "stealth" port scanning... not good.

May I suggest anyone who sends a packet with ACK set to a listening socket gets an RST and a free entry in the system log, complete with their IP address for convenient emailing of their ISP if they send a lot.

Duncan (-:
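The logging idea in the message above can be sketched as a passive detector. This is an added example, not part of the original post: it reads the flag byte of raw TCP headers and reports sources that send FIN-only, FIN+ACK or bare ACK segments outside any established connection to several ports. The function names, the threshold, the connection table and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def make_header(sport, dport, flags):
    """Build a 20-byte TCP header (constructed sample data, checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 512, 0, 0)

def probe_kind(header):
    """Name the probe type for a segment that belongs to no connection, else None."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    flags = header[13]                      # flag byte of the TCP header
    if flags & (SYN | RST):
        return None                         # normal open attempt or a reset
    if flags & FIN:
        return "fin+ack" if flags & ACK else "fin-no-ack"
    return "ack" if flags & ACK else None

def find_scanners(packets, established, threshold=3):
    """Return {src_ip: {probe kind: sorted dst ports}} for sources that sent
    stray segments to at least `threshold` distinct ports."""
    seen = defaultdict(lambda: defaultdict(set))
    for src_ip, header in packets:
        kind = probe_kind(header)           # also rejects truncated headers
        sport, dport = struct.unpack("!HH", header[:4])
        if (src_ip, sport, dport) in established:
            continue                        # part of a real connection
        if kind:
            seen[src_ip][kind].add(dport)
    report = {}
    for ip, kinds in seen.items():
        if len(set().union(*kinds.values())) >= threshold:
            report[ip] = {k: sorted(v) for k, v in kinds.items()}
    return report

# Constructed sample traffic (documentation address ranges).
ESTABLISHED = {("198.51.100.7", 40000, 80)}
PACKETS = (
    [("192.0.2.66", make_header(31337, p, FIN)) for p in (21, 23, 25, 80)]
    + [("192.0.2.66", make_header(31337, 110, FIN | ACK))]
    + [("198.51.100.7", make_header(40000, 80, FIN | ACK))]   # normal close
    + [("198.51.100.9", make_header(40001, 80, ACK))]         # one stray ACK
)

if __name__ == "__main__":
    for ip, kinds in find_scanners(PACKETS, ESTABLISHED).items():
        print(ip, kinds)
```

The threshold keeps a single stray segment, such as a late ACK after a timeout, from producing a log entry.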