[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] After checking logs found this...

Subject: RE: [cobalt-security] After checking logs found this...
From: "Render-Vue" <sales@xxxxxxxxxxxxxx>
Date: Fri, 7 Sep 2001 09:13:33 +1200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Mark,

Thank you for the prompt reply - I can sleep easy now (hee hee)

<snip>
Chae,
 this is the kernel telling you that someone sent a malformed packet to
your host.  Piece by piece it means: PROTO=6 means that it is a TCP packet
(numbers 6 or 0 == TCP).  The L=20 means that the IP header is 20 bytes
long.  The S=0x00 means (I think) TCP sequence number 0.  I'm not sure what
I means, but F=0x6000 means that the TCP flags are (in binary)
0110000000000000.  That translates to TCP SYN and RST being set.

The good news is that the Cobalt/Linux kernel does not appear to be
vulnerable to this attack.  I hope this helps.

-Mark Carey
Network Security Engineer,
Sun MicroSystems.
</snip>

Regards from Auckland

Chae

Prev by Date: [cobalt-security] Raq3 poprelay update?
Next by Date: Re: [cobalt-security] Jeff Lovell: (was: Software update for those who aren't receiving from the list)
Previous by thread: RE: [cobalt-security] After checking logs found this...
Next by thread: [cobalt-security] PHP 4.0.6 for RaQ4 released

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index