[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-ids
Subject:    RE: tcp overlap
From:       "Umesh Shankar" <ushankar () cs ! berkeley ! edu>
Date:       2003-01-28 19:29:24
[Download RAW message or body]

In our (mine and Vern Paxson's) work on Active Mapping, we gathered results
on TCP overlap (among other things) across a wide variety of OSes. 

An explanation of the policies and their observed values can be found in:
http://www.cs.berkeley.edu/%7Eushankar/research/active/activemap.pdf (I
believe there were at least 3 policies). 

Umesh

> -----Original Message-----
> From: Rob Shein [mailto:shoten@starpower.net]
> Sent: Tuesday, January 28, 2003 10:31 AM
> To: 'fr0ck9'; focus-ids@securityfocus.com
> Subject: RE: tcp overlap
> 
> Why not test it?  Use fragroute, that'll give you a number of options to
> try
> it out for yourself in a lab environment :)
> 
> > -----Original Message-----
> > From: fr0ck9 [mailto:fr0ck9@yahoo.com]
> > Sent: Monday, January 13, 2003 2:17 PM
> > To: focus-ids@securityfocus.com
> > Subject: Re: tcp overlap
> >
> >
> > I know Thomas Ptacek from Secure Networks documented
> > some findings that when an overlap occurs that the
> > following list of OS respond accordingly.  Has anyone
> > else verified this or have any insight?
> >
> > I did notice a posting on a mail list server that said
> > Ptacek's findings were inaccurate, but was unable to
> > find any other published data on the topic.
> >
> > NT and Solaris favor OLD data when an overlap occurs.
> >
> > HPUX, Linux, and BSD which favor NEW when it is a
> > forward overlap (otherwise they favor OLD).
> >
> > thanks.
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com


[prev in list] [next in list] [prev in thread] [next in thread]