IDS mailing list archives

RE: tcp overlap

From: "Rob Shein" <shoten () starpower net>
Date: Tue, 28 Jan 2003 13:31:13 -0500

Why not test it?  Use fragroute, that'll give you a number of options to try
it out for yourself in a lab environment :)

-----Original Message-----
From: fr0ck9 [mailto:fr0ck9 () yahoo com] 
Sent: Monday, January 13, 2003 2:17 PM
To: focus-ids () securityfocus com
Subject: Re: tcp overlap

I know Thomas Ptacek from Secure Networks documented
some findings that when an overlap occurs that the
following list of OS respond accordingly.  Has anyone
else verified this or have any insight?  

I did notice a posting on a mail list server that said
Ptacek's findings were inaccurate, but was unable to
find any other published data on the topic.

NT and Solaris favor OLD data when an overlap occurs.

HPUX, Linux, and BSD which favor NEW when it is a
forward overlap (otherwise they favor OLD). 

thanks.

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.

http://mailplus.yahoo.com

Current thread:

Re: tcp overlap fr0ck9 (Jan 15)
- Re: tcp overlap Jon Gary (Jan 16)
- Re: tcp overlap Thomas H. Ptacek (Jan 20)
- RE: tcp overlap Rob Shein (Jan 28)
  - RE: tcp overlap Umesh Shankar (Jan 29)
  - IDS security testing training Pete Herzog (Jan 29)