Re: CodeRed Observations. ##
From: Andrew Bates (abates@omeganetserv.com)
Date: 03/18/03
- Previous message: Robinson, Jonathon: "SPM2000$ Rouge Share"
- In reply to: root: "RE: CodeRed Observations. ##"
- Next in thread: Rob Shein: "RE: CodeRed Observations. ##"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Andrew Bates" <abates@omeganetserv.com> To: "root" <root@ns1.transurban.com.au>, <incidents@securityfocus.com> Date: Tue, 18 Mar 2003 12:38:10 -0700
> Heres the article that I read about IIS and IE interactions:
> http://grotto11.com/blog/slash.html?+1039831658 . Besides quicker
> propagation, not using a handshake would allow spoofed IPs so that it
> would be harder to track down and fix.
If you read through to the end of the article, the author points out that
they discovered NT 4.0 IP stack was performing this, and that any client or
server running on top of NT would behave in this manner. So it does not
appear to be a "feature" of IE or IIS, but, rather, a feature of NT 4.0.
These results were also presented in 1997, and the author suggests that the
NT stack may have been changed since then.
Andrew
----------------------------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
- Previous message: Robinson, Jonathon: "SPM2000$ Rouge Share"
- In reply to: root: "RE: CodeRed Observations. ##"
- Next in thread: Rob Shein: "RE: CodeRed Observations. ##"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
