| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri May 5 22:24:06 2006 From: rembrandt at jpberlin.de (rembrandt@...erlin.de) Subject: Idle scan rediscovered!!! > Le vendredi 05 mai 2006 ? 16:11 -0400, Tim a ?crit : >> > Gives back exploitable incremental IPID on a Linux 2.6.15 box. >> Are you sure? Just because the sequences are predictable or even >> incremental for your source host doesn't mean it is exploitable. This >> is old information, but I would assume it is still the case (until >> someone presents hard evidence otherwise): > > I'm aware of this fact. As I figure all my tests were done from the same > box, I'll still have to check it out. Let me test it more intensively > after this week-end and I'll let you know. AND FTP-Bounce is dead too.. right? Wrong... Your assumption that the idlescan is dead where wrong.. no investigation needed.... You wanna (or wont..) check different distributions (Loonix) BSDs and other OSs and you`ll find a lot neat working OSs (in fact Stacks). "So I decided to go puplic" -> wow.... Some peoples even thought smurf was dead but MS 2003 Svr proofed us all wrong. (It was smurf..or? does not matter anyway..) ;) Rembrandt
Powered by blists - more mailing lists