Re: Linux zero IP ID vulnerability?

2006-03-17 Thread Marco Ivaldi
Hi Marco! Hey Andrea, - [PIRELLI HOME ACCESS GATEWAY] Based on your tests, this device shows the standard incremental IP ID behaviour: so, nothing special here. - [MY BOX WITH 2.6.15.6 #1 i686 pentium4 GNU/Linux (vanilla)] [snip] (closed port + S flag) [EMAIL PROTECTED]:~$ cat

Re: Linux zero IP ID vulnerability?

2006-03-16 Thread Andrea Purificato - bunker
At 10:33, Tuesday 14 March 2006, Marco Ivaldi wrote: I've recently stumbled upon an interesting behaviour of some Linux kernels that may be exploited by a remote attacker to abuse the ID field of IP packets, effectively bypassing the zero IP ID in DF packets countermeasure implemented

Re: Linux zero IP ID vulnerability?

2006-03-15 Thread Marco Ivaldi
I've received a couple of off-list replies. See my comments in-line. On Tue, 14 Mar 2006, Martin Mačok wrote: Have you verified that the sequence is global and not only per peer? The latter would mean that vuln can't be used as a middle-man for IDLE scanning... Yeah, of course I've verified

Linux zero IP ID vulnerability?

2006-03-14 Thread Marco Ivaldi
Hello Bugtraq, I've recently stumbled upon an interesting behaviour of some Linux kernels that may be exploited by a remote attacker to abuse the ID field of IP packets, effectively bypassing the zero IP ID in DF packets countermeasure implemented since 2.4.8 (IIRC). This is the correct