Vulnerability Development mailing list archives

Re: TCP Sequence Prediction


From: pmal () SPACE GR (Panagiotis Malakoudis)
Date: Tue, 4 Apr 2000 08:58:34 +0300


I did the following to a new NT box:
I started installing one by one all the service packs, and after each
installation I used nmap with OS detection to check the difficulty level as
well as the OS detected.
Here are my results:

SP4 - Difficulty 3 - Detected as Windows NT4/Win95/Win98
SP5 - Difficulty 20 - Detected as Windows NT4/Win95/Win98
SP6 - Difficulty 2 - Detected as Windows NT4/Win95/Win98
SP6a - Difficulty 4 - Detected as Windows NT4/Win95/Win98
2047 Hotfix - Difficulty 13378 - Detected as Windows NT 4 Server with 2047 hotfixes

The prediction difficulty level is now higher (Linux is much higher though -
about 12497330 with the 2.2.14 kernel) but the OS detection gives you too
much info (great job from insecure.org) - this makes the hotfix a possible
exploit candidate.

Panagiotis Malakoudis
Systems Administrator
Space Hellas S.A.

----- Original Message -----
From: Rob Lindenbusch <lfcrob () AI ORG>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Monday, April 03, 2000 4:46 AM
Subject: Re: TCP Sequence Prediction

SP 6a does not fix the TCP ISN problems. You still need to apply the
hotfix. (Or at least I did on a fresh SP6a install).


Paul Taylor wrote:

On Thu, 30 Mar 2000, Maxime Rousseau wrote:

I believe SP6a fixes the TCP sequence prediction issues. If not, I am
certain there is a hotfix for it. In fact, if I remember correctly, the whole
SP6 vs SP6a deal was about this hotfix not being in... Someone correct me if
I am wrong here :)

One of the major reasons SP6a was released was that SP6 broke Lotus Notes.
Not a bad thing, IMHO.

-p

--
Rob Lindenbusch
Lead Systems Administrator
Access Indiana Information Network
E-mail: lfcrob () ai org
Phone: (317)233-2378
URL: http://www.state.in.us/

