Re: TCP: a practical question
- From: John Kinsella <jlk@xxxxxxxxxxxxxx>
- Date: Thu, 31 Jan 2008 12:36:43 -0800
Hi Ashley -
I remember Dan Kaminsky talking about implementing this with Anyron at
CodeCon 2002, I'm not sure if it ever saw the light of day, though...
http://www.codecon.org/2002/program.html#gateway
John
On Thu, Jan 17, 2008 at 04:55:56PM -0500, snort user wrote:
Greetings.
Normally TCP connection establishment is a three packet sequence.
C -> S (Syn)
S -> C (Syn|Ack)
C -> S (Ack)
TCP specification (rfc 793) mentions about a simultaneous open and
it's use in distributed set ups.
In this case the handshake would proceed as follows:
C -> S (Syn) .. 1
S -> C (Syn) .. 2
(1 and 2 happends almost simultaneously)
C -> S (Syn|Ack)
S -> C (Syn|Ack)
My question is do we see this behavior in the practical world ?
Thanks
Ashley
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
- Prev by Date: RootKits Under Linux
- Next by Date: RE: Bayesian IDS...help
- Previous by thread: RootKits Under Linux
- Next by thread: host based IDS for ERP
- Index(es):
Relevant Pages
|
