Subject: Re: Article
To: Andrew Brown <>
From: Ignatios Souvatzis <>
List: current-users
Date: 01/11/2003 18:07:56
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


On Sat, Jan 11, 2003 at 11:24:39AM -0500, Andrew Brown wrote:

> yea, verily.  i have some (mostly rhetorical) questions about the
> testing.

I agree with most of your doubts about the paper, with one exception:
> (3) how do you determine that the padding is being done by the remote
> operating system and not by the remote nic?

not relevant. If the remote nic does padding and does it with life data,
it can expose data that was on the network before, and maybe came from an
unsniffable peer (because of a fixed switch setting or something similar).
The OS or OS driver can work around this, if known.
> i didn't see any evidence in the paper of any attempt to cleanse and
> control the testing in this manner.  it seemed to concentrate mainly
> on issues with some linux drivers and gesture at the idea that other
> operating systems may be vulnerable as well.

That's my feeling, too.


seal your e-mail:

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (NetBSD)