[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] After checking logs found this...
- Subject: RE: [cobalt-security] After checking logs found this...
- From: "Render-Vue" <sales@xxxxxxxxxxxxxx>
- Date: Fri, 7 Sep 2001 09:13:33 +1200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Mark,
Thank you for the prompt reply - I can sleep easy now (hee hee)
<snip>
Chae,
this is the kernel telling you that someone sent a malformed packet to
your host. Piece by piece it means: PROTO=6 means that it is a TCP packet
(numbers 6 or 0 == TCP). The L=20 means that the IP header is 20 bytes
long. The S=0x00 means (I think) TCP sequence number 0. I'm not sure what
I means, but F=0x6000 means that the TCP flags are (in binary)
0110000000000000. That translates to TCP SYN and RST being set.
The good news is that the Cobalt/Linux kernel does not appear to be
vulnerable to this attack. I hope this helps.
-Mark Carey
Network Security Engineer,
Sun MicroSystems.
</snip>
Regards from Auckland
Chae