Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: tqbf () secnet com
Date: Sat, 21 Feb 1998 00:40:42 -0600 (CST)
First off, a nit: overlapping fragments with inconsistant data are never
^^^^^^^^^^^^^^^^^^^^^^
going to be the valid output of a TCP/IP stack.
Note underlined text.
I don't know that the same
^^^^^
is true of all overlapping fragments.
^^^ Note underlined text.
Wrong. If you have asymetrical routing and different MTU's on each route then it is possible. Oh, it also requires path MTU discovery to be off.
You're saying that it's possible to get fragments which overlap and which have inconsistant data in normal traffic? How? ----------------------------------------------------------------------------- Thomas H. Ptacek Secure Networks, Inc. ----------------------------------------------------------------------------- http://www.enteract.com/~tqbf "mmm... sacrilicious"
Current thread:
- Re: Important Comments re: INtrusion Detection, (continued)
- Re: Important Comments re: INtrusion Detection Jonathan Care (Feb 19)
- Re: Important Comments re: INtrusion Detection Michael T. Stolarchuk (Feb 19)
- RE: Important Comments re: INtrusion Detection Kurt Ziegler (Feb 19)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 19)
- Re: Important Comments re: INtrusion Detection Barney Wolff (Feb 20)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 20)
- Re: Important Comments re: INtrusion Detection marc (Feb 20)
- Re: Important Comments re: INtrusion Detection Barney Wolff (Feb 20)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 20)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 21)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 21)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 21)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 21)
- Re: Important Comments re: INtrusion Detection Vern Paxson (Feb 21)