Packets with Non-standard IP or TCP Flags
Setting unexpected or illegal flags in the IP or TCP headers can
enable us to detect the remote OS, as vendors have interpreted (or
ignored) the RFC in different ways.
The target's handling of overlapping IP fragments can lead to
identification. Some operating systems give precedence to the first
packets received, others to the later ones.
TCP headers present us with a number of interesting techniques. Per
RFC 793, a stack receiving an unsolicited FIN flag (or indeed a NULL
packet, one with no flags set) should offer no response. Many
implementations, including Microsoft and Cisco, deviate from the RFC
and return an RST packet.
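
On the monitoring side, the probes described above are easy to recognise in captured traffic. The following is an added example, not code from the original post: it parses raw IPv4 packets, labels the unusual TCP flag sets, and reports datagrams whose fragments overlap. The function names and the constructed test packets are assumptions made for illustration.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP flag bits (RFC 793)

def build_packet(flags, ip_id=1, frag_off=0, more_frags=False, payload=b""):
    """Constructed IPv4+TCP test packet (checksums zero, RFC 5737 addresses)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)
    tcp += payload
    ff = (0x2000 if more_frags else 0) | (frag_off // 8)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id, ff, 64, 6,
                     0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

def classify_tcp_flags(packet):
    """Label flag sets that a normal TCP state machine does not emit."""
    ihl = (packet[0] & 0x0F) * 4
    frag = struct.unpack("!H", packet[6:8])[0]
    if packet[9] != 6 or frag & 0x1FFF or len(packet) < ihl + 14:
        return "not-inspected"  # non-TCP, non-first fragment, or truncated
    flags = packet[ihl + 13] & 0x3F
    if flags == 0:
        return "null-probe"     # no flags at all
    if flags == FIN:
        return "bare-fin"       # FIN without ACK: not part of any real teardown
    if flags & SYN and flags & (FIN | RST):
        return "syn-fin-or-rst" # contradictory open/close request
    return "ok"

def overlapping_fragments(packets):
    """Return the (src, dst, proto, id) keys whose fragment byte ranges overlap.
    Exact retransmissions of a fragment also count as overlap here."""
    seen, hits = {}, set()
    for p in packets:
        ihl = (p[0] & 0x0F) * 4
        total, ip_id, ff = struct.unpack("!HHH", p[2:8])
        key = (p[12:16], p[16:20], p[9], ip_id)
        start = (ff & 0x1FFF) * 8
        end = start + total - ihl
        if any(start < e and s < end for s, e in seen.get(key, [])):
            hits.add(key)
        seen.setdefault(key, []).append((start, end))
    return hits
```

A sensor that sees "null-probe" or "bare-fin" segments from one source across several ports, or any overlapping-fragment key, has a strong indication that the host is being fingerprinted.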