Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: krnl15~3.txt

Windows 98/98SE/2000/Me ICMP Kernel bugs




COMMAND

    kernel

SYSTEMS AFFECTED

    Win systems

PROBLEM

    Ofir  Arkin  found  following.   He  has  decided  to  map   which
    operating systems would answer  to an ICMP Timestamp  Request that
    would have its  code field not  set to zero.   Interesting results
    were  produced.   The  Microsoft  Windows  98/98  SE/ME,  and  the
    Microsoft Windows 2000  Professional/Server that have  answered to
    ICMP Timestamp requests with the  code filed set to zero,  now did
    not produce any reply back.

    Using this information it is quite easy to group together  certain
    Microsoft Windows  operating systems  using two  datagrams of ICMP
    Timestamp request.  The first one is a regular one; the  Microsoft
    Windows machines that do not  answer are Microsoft Windows 95  and
    Microsoft Windows NT 4.0 Workstation with SP 6a (and below).   All
    other operating  systems (that  author checked)  answered the ICMP
    Time stamp  request (UNIX  and UNIX-like).   The second  stage  is
    sending another datagram, this time  with the Code field set  to a
    value, which  is not  equal to  zero.   The operating systems that
    would  not   answer  would   include  Windows   98/98   SE/ME/2000
    Professional/  2000  Server,  which  are  the  newer  versions  of
    Microsoft  Windows  operating  systems.   Other  operating systems
    would still respond with a correct answer to the query.

    It is quite  obvious that Microsoft  have tried to  change some of
    their  newer  operating  systems  fingerprinting  in  later TCP/IP
    implementations  of  their  operating  systems.   For example, the
    default for answering an  ICMP Timestamp request was  changed from
    "no  answer"  to  "answer",  like  UNIX  and  UNIX-like  operating
    systems.  But the  Microsoft programmers / designers  / architects
    / security engineers did not think about every thing apparently.

    Operating Systems checked:

        LINUX Kernel  2.4t2; LINUX  Kernel 2.2.14;  FreeBSD 4.0,  3.4;
        OpenBSD 2.7 & 2.6; Solaris 2.5.1, 2.6, 2.7 & 2.8; HP-UX 10.20;
        AIX 4.1; ULTRIX; Microsoft Windows 95 / 98 / 98SE / ME / NT  4
        SP3, SP4, SP6a WRST & SERVER / 2000 Professional & Server.

SOLUTION

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH