Microsoft Windows XP TCP Packet Information Leakage Vulnerability

Microsoft Windows XP TCP Packet Information Leakage Vulnerability

The following packet capture, which demonstrates this lack of URG flag initialization, has been supplied by Michal Zalewski.

<Tue Sep 2 13:02:48 2003> A:3827 - Windows XP (2) (PLEASE REPORT!) [GENERIC]
Signature: [16384:119:1:48:M1460,N,N,S:U:Windows:?]
-> server:80 (distance 9, link: ethernet/modem)
-- EXTRA TCP VALUES: ACK=0x0, UNUSED=0, URG=0x819e

<Tue Sep 2 13:02:48 2003> A:3829 - Windows XP (2) (PLEASE REPORT!) [GENERIC]
Signature: [16384:119:1:48:M1460,N,N,S:U:Windows:?]
-> server:80 (distance 9, link: ethernet/modem)
-- EXTRA TCP VALUES: ACK=0x0, UNUSED=0, URG=0xdc19

<Tue Sep 2 13:02:49 2003> A:3830 - Windows XP (2) (PLEASE REPORT!) [GENERIC]
Signature: [16384:119:1:48:M1460,N,N,S:U:Windows:?]
-> server:80 (distance 9, link: ethernet/modem)
-- EXTRA TCP VALUES: ACK=0x0, UNUSED=0, URG=0x8158

<Tue Sep 2 13:02:49 2003> A:3833 - Windows XP (2) (PLEASE REPORT!) [GENERIC]
Signature: [16384:119:1:48:M1460,N,N,S:U:Windows:?]
-> server:80 (distance 9, link: ethernet/modem)
-- EXTRA TCP VALUES: ACK=0x0, UNUSED=0, URG=0x8158