Re: Strange tcpdump file
From: vern@ee.lbl.gov
Date: 10/23/01
- Maybe in reply to: Lindsay: "Strange tcpdump file"
Message-Id: <200110230347.f9N3lJH05099@yak.aciri.org>
From: vern@ee.lbl.gov
To: Lindsay <lmf1t@cstone.net>
Subject: Re: Strange tcpdump file
Date: Mon, 22 Oct 2001 20:47:19 -0700
> http://www.cstone.net/~lmf1t/anom_logs/bogusIP.log
>
> Ethereal version 0.8.20 shows that the packet has IP header length of 0.
If you trace a busy link, it turns out you see busted stuff like this
every day. For example, the Bro intrusion detection system, which I run
operationally at lbl.gov, observes truncated packets, illegal TCP
acknowledgements and retransmissions, benign splitting of TCP headers
across different IP fragments, etc. See the discussion of "The Problem
of Crud" in the Bro paper:
ftp://ftp.ee.lbl.gov/papers/bro-CN99.ps.gz
- Vern
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
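
The checks a dissector applies before trusting an IPv4 header, including the header length of 0 discussed in this thread, are sketched below. This is an added example, not part of the original message and not code from Bro, tcpdump or Ethereal; the function names and the sample packets are constructed for illustration.

```python
import struct

def checksum(data):
    """RFC 1071 Internet checksum; a valid header (checksum included) yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_anomalies(pkt):
    """List the reasons captured bytes (starting at the IP header) are malformed."""
    if len(pkt) < 20:
        return ["truncated: fewer than 20 bytes captured"]
    version, ihl = pkt[0] >> 4, pkt[0] & 0x0F
    total_len = struct.unpack("!H", pkt[2:4])[0]
    problems = []
    if version != 4:
        problems.append(f"version {version} is not 4")
    if ihl < 5:
        # Covers the header length of 0 from the thread: the end of the
        # header, and so the start of the payload, cannot be located.
        return problems + [f"header length {ihl} words is below the minimum of 5"]
    if ihl * 4 > len(pkt):
        return problems + ["header extends past the captured bytes"]
    if total_len < ihl * 4:
        problems.append("total length is smaller than the header length")
    elif total_len > len(pkt):
        problems.append("truncated: total length exceeds the captured bytes")
    if checksum(pkt[:ihl * 4]) != 0:
        problems.append("bad header checksum")
    return problems

def make_header(ihl=5, total_len=20):
    """Constructed sample header, 192.0.2.1 -> 192.0.2.2 (documentation addresses)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len,
                                0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])))
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
    return bytes(hdr)

if __name__ == "__main__":
    samples = {"well-formed": make_header(), "ihl=0": make_header(ihl=0),
               "cut short": make_header(total_len=40), "snapped": make_header()[:10]}
    for name, pkt in samples.items():
        print(f"{name:12} {ipv4_anomalies(pkt) or 'ok'}")
```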