-
February 26th, 2003, 04:06 PM
#1
Senior Member
Norton IDS
Details: Intrusion: Invalid IP Flags
Intruder: 80.14.236.194
Risk Level: Low
Source IP address: 80.14.236.194
Destination IP address: michael(203.125.127.251)
Protocol: TCP.
IP Flags and Fragment Offset: 0x00009813. This field is invalid.
Click on the address to trace the attacker
You can get detailed information about this attack at Symantec Security Response
What is Invalid IP Flags? What is the threat?
-
February 26th, 2003, 04:09 PM
#2
Well, we can't really tell without the rest of the stream/datagram since those fields are relative to the other packets...
Ammo
Credit travels up, blame travels down -- The Boss
-
February 26th, 2003, 05:18 PM
#3
Senior Member
Originally posted here by ammo
Well, we can't really tell without the rest of the stream/datagram since those fields are relative to the other packets...
Ammo
What could be the threat? How can this Invalid IP help in penetrating my PC?
-
February 26th, 2003, 05:40 PM
#4
Hum, on second look, I'm not sure what they mean with
"IP Flags and Fragment Offset: 0x00009813"...
Do they offer any details somewhere in the doc/help?
Ammo
Credit travels up, blame travels down -- The Boss
-
February 27th, 2003, 02:16 AM
#5
Senior Member
Originally posted here by ammo
Hum, on second look, I'm not sure what they mean with
"IP Flags and Fragment Offset: 0x00009813"...
Do they offer any details somewhere in the doc/help?
Ammo
Then I think Norton didn't log it very well...
-
February 27th, 2003, 02:41 AM
#6
Normally invalid IP flags are an illegal combination of TCP flags which are set in the 13th byte of the TCP header. The first two bits of the byte used to be reserved but are now used for congestion management. The other 6 bits are used for your flags, i.e. SYN/FIN/ACK/RST/PSH/URG. For example, if you send a packet with the SYN and FIN flags set, that would be an invalid flag combination.
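Added example, not part of any post in this thread and not Norton's code: a Python sketch that decodes the "IP Flags and Fragment Offset" value from the alert in post #1 and checks a TCP flags byte for the kind of combination described in the post above. It assumes the low 16 bits of the logged value are the IPv4 flags/fragment-offset word from RFC 791; the function names are illustrative.

```python
# Added example: names below are illustrative, not from Norton or the thread.
IP_RESERVED, IP_DF, IP_MF, IP_OFFSET_MASK = 0x8000, 0x4000, 0x2000, 0x1FFF
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def decode_ip_frag_field(value):
    """Split the 16-bit IPv4 flags/fragment-offset word (RFC 791)."""
    value &= 0xFFFF  # assumption: the alert pads the 16-bit word to 32 bits
    info = {
        "reserved": bool(value & IP_RESERVED),
        "df": bool(value & IP_DF),
        "mf": bool(value & IP_MF),
        "offset_bytes": (value & IP_OFFSET_MASK) * 8,  # offset is in 8-byte units
    }
    problems = []
    if info["reserved"]:
        problems.append("reserved bit set (RFC 791 requires zero)")
    if info["df"] and (info["mf"] or info["offset_bytes"]):
        problems.append("DF set on a fragment (contradictory)")
    info["problems"] = problems
    return info


def tcp_flag_problems(flags_byte):
    """Report flag combinations no legitimate TCP segment carries."""
    names = {n for n, bit in TCP_FLAGS.items() if flags_byte & bit}
    problems = []
    if not names:
        problems.append("no flags set")
    if {"SYN", "FIN"} <= names:
        problems.append("SYN+FIN")
    if {"SYN", "RST"} <= names:
        problems.append("SYN+RST")
    return problems


if __name__ == "__main__":
    print(decode_ip_frag_field(0x00009813))  # value from the alert in post #1
    print(tcp_flag_problems(0x03))           # constructed: SYN and FIN together
```

Under that assumption, the logged value has the reserved bit set with DF and MF clear, which on its own is enough for an IDS to call the field invalid.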
-
February 27th, 2003, 05:07 PM
#7
Senior Member
-
February 27th, 2003, 06:25 PM
#8
Nah, this is an old hack. Any IDS system worth its salt, i.e. BlackICE amongst others, will pick this up all the time. Only of concern if you were running services on an unprotected box.
-
February 28th, 2003, 02:34 PM
#9
Senior Member
Originally posted here by don
Nah, this is an old hack. Any IDS system worth its salt, i.e. BlackICE amongst others, will pick this up all the time. Only of concern if you were running services on an unprotected box.
I wish to understand how it can compromise my system. What kind of service must the unprotected box be running?