Date: Fri, 15 Jun 2001 14:52:47 -0700
From: Kris Kennaway
To: Nate Williams
Cc: Jordan Hubbard, hackers@FreeBSD.ORG
Subject: Re: Query: How to tell if Microsoft is using BSD TCP/IP code?

On Fri, Jun 15, 2001 at 03:05:17PM -0600, Nate Williams wrote:
> > I've had several marketing types approach me recently for details as
> > to whether or not Microsoft was using the BSD TCP/IP stack and/or user
> > utilities, and though it's always been "common knowledge" in the
> > community that they were, when I set about to "prove" it I found it to
> > be less easy than I'd thought.  I've strings'd various binaries and
> > DLLs in my copy of Windows 98 but have yet to find anything resembling
> > proof.  Does anyone out there have any details or discovery techniques
> > for confirming or disproving this assertion either way?  It would be
> > very useful (for us) from a PR standpoint to know.
>
> I think the nmap folks noticed that the stack in Win98 (I don't remember
> if it was in Win2K as well) behaved almost exactly like the BSD stack in
> ways that weren't mandatory.  Their conclusion was that it had to be
> based on the BSD code to get such similar behavior, since no other stack
> behaved in this manner.

One signature of this might be vulnerability history: there have been a
number of corner-case IP stack vulnerabilities over the years which were
also shared by Windows and may indicate a common code heritage.  Of
course, it's still not conclusive.

Kris
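
The string search mentioned in the quoted question, sketched as an added example (not code from anyone in this thread) and widened to scan UTF-16LE runs as well as ASCII, since Windows binaries commonly store text in both. The marker list, function names and sample bytes are assumptions constructed for illustration; a hit only hints at BSD-derived code, and a clean result proves nothing because such strings can be stripped.

```python
import re

# Assumed marker list: phrases typical of BSD source headers and SCCS ids.
MARKERS = ("Regents of the University of California", "(Berkeley)", "@(#)")
MIN_LEN = 6  # shortest printable run worth inspecting

ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def printable_strings(blob):
    """Yield (offset, encoding, text) for ASCII and UTF-16LE printable runs."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def find_bsd_markers(blob):
    """Return sorted (run_offset, encoding, marker) for every marker found."""
    hits = []
    for off, enc, text in printable_strings(blob):
        for marker in MARKERS:
            if marker in text:
                hits.append((off, enc, marker))
    return sorted(hits)


# Constructed sample bytes, not taken from any real binary.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"@(#)example.c 1.0 (Berkeley) 1/1/90\x00"
    + b"\xff\xff"
    + "Copyright (c) The Regents of the University of California."
      .encode("utf-16le")
    + b"\x00\x00"
)
# Constructed sample with no markers, standing in for a stripped binary.
STRIPPED = b"MZ\x90\x00This program cannot be run in DOS mode.\x00"

if __name__ == "__main__":
    for off, enc, marker in find_bsd_markers(SAMPLE):
        print(f"0x{off:04x} {enc:9} {marker}")
    print("stripped sample hits:", find_bsd_markers(STRIPPED))
```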