RE: CodeRed Observations.

From: Michał Rogala (rogala@pro.onet.pl)
Date: 03/13/03

  • Next message: Rob McCauley: "RE: CodeRed Observations."
    Date:	Thu, 13 Mar 2003 23:57:25 +0100 (CET)
    From: Michał Rogala <rogala@pro.onet.pl>
    To: Rob Shein <shoten@starpower.net>
    
    

    On Thu, 13 Mar 2003, Rob Shein wrote:

    > I'd be careful and make sure, if I were you. I don't think that the worm is
    > stateless, as it wouldn't be able to spread if it just sent data over TCP
    > without establishing the handshake first. When you just PSH without
    > handshaking first, your data gets rejected.

    Some time ago it turned out that IIS accepts HTTP requests without a
    TCP handshake in order to "improve" speed of transmission... (yuck!) -
    I heard that MSIE 'exploits' this and therefore it is faster in some
    benchmarks...

    -- 
    Michał `Rogal` Rogala
    rogala@pro.onet.pl GG:#5302321
    "This isn't ZUS, there's no room for mistakes here"