| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.BSO.4.44.0503311310140.23429-100000@eurocompton.net> Date: Thu Mar 31 19:11:40 2005 From: optimist at eurocompton.net (pretty vacant) Subject: Reverse engineering the Windows TCP stack FYI: TcpMaxConnectRetransmissions Key: Tcpip\Parameters Value Type: REG_DWORD - Number Valid Range: 0 - 0xFFFFFFFF Default: 5 Description: This parameter determines the number of times that TCP retransmits a connect request (SYN) before aborting the attempt. The retransmission timeout is doubled with each successive retransmission in a particular connect attempt. The initial timeout value is three seconds. -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Nicolas RUFF (lists) Sent: Thursday, March 31, 2005 1:03 PM To: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Reverse engineering the Windows TCP stack >>>Hey, I am looking for Windows TCP/IP stack information, I would like >>>to know why it behaves inconsistently to SYN|FIN|URG|PSH! > I'm curious about this one too...can you guys keep the replies on the list? Well, at least when you try to connect to a closed port, Windows retries several times (SYN) even when RST has been received. My Linux don't. -> "telnet <non firewalled ip> <closed port>" while running Ethereal. However I am not sure whereas it is the TCP/IP stack or the Winsock layer that induces this behaviour. TCP/IP fingerprinting relies on such oddities, I guess a little Googling would help. Regards, - Nicolas RUFF
Powered by blists - more mailing lists