Firewall Wizards mailing list archives

TCP segments with overlapping data

From: miedaner <miedaner () mold appliedtheory com>
Date: Mon, 03 Dec 2001 18:37:14 -0500

Hi All,

I am getting IDS messages that say that there are TCP segments with
overlapping data.

The vendor indicates the following:

"Data in TCP connections is broken  into packet-sized segments for
transmission. The target host must
 reassemble these segments into a contiguous stream to deliver it to an
application."

Besides my confusion on the language here...

Has anybody seen this?

My question is what is TCP overlapping data?
Assuming a layer 2 problem: Is it that the offset in the IP header is
overlapping for a packet with the same ID?

What is the vulnerability associated?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

TCP segments with overlapping data miedaner (Dec 04)
- Re: TCP segments with overlapping data Ng Pheng Siong (Dec 05)
- <Possible follow-ups>
- Re: TCP segments with overlapping data Vern Paxson (Dec 05)