Firewall Wizards mailing list archives
Re: TCP segments with overlapping data
From: Ng Pheng Siong <ngps () post1 com>
Date: Thu, 6 Dec 2001 01:02:46 +0800
On Mon, Dec 03, 2001 at 06:37:14PM -0500, miedaner wrote:
My question is what is TCP overlapping data? What is the vulnerability associated?
As explained by Vern.

Next, you may want to determine if this TCP overlapping traffic you're seeing is benign or hostile.

- Tabulate the remote IP addresses sending such traffic. See if you can eye-ball any trend or grouping.

- If you spot a trend or a group, put a sniffer to capture more of the traffic and study the traffic.

(Is your IDS probe in front or behind your firewall?)

Before you do the above though: Does your security policy or incident response manual tell you how much to follow up in such situations? If not, what is the point of installing the IDS, or, IOW, how do you go from reading your IDS's output to deciding that you should invoke your local SIRT?

Cheers.

--
Ng Pheng Siong <ngps () post1 com> * http://www.post1.com/home/ngps
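The tabulation step suggested in the message above, as an added example that is not part of the original post: it counts overlapping TCP segments per remote IP and separates overlaps that repeat the same bytes (as ordinary retransmissions do) from overlaps that carry different bytes for the same sequence numbers, which are the ones worth capturing and studying. The record layout, the function names and the sample segments are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
import ipaddress

# Constructed sample records (not real traffic), one tuple per TCP data segment:
# (src_ip, src_port, dst_ip, dst_port, seq, payload), as a sniffer export might give.
SEGMENTS = [
    ("203.0.113.7", 40001, "192.0.2.10", 80, 1000, b"GET /index"),
    ("203.0.113.7", 40001, "192.0.2.10", 80, 1004, b"/index.html"),  # overlap, same bytes
    ("203.0.113.9", 40002, "192.0.2.10", 80, 5000, b"GET /a.html"),
    ("203.0.113.9", 40002, "192.0.2.10", 80, 5004, b"/b.html"),      # overlap, different bytes
    ("198.51.100.4", 40003, "192.0.2.10", 25, 9000, b"HELO x"),
    ("198.51.100.4", 40003, "192.0.2.10", 25, 9006, b"\r\n"),        # contiguous, no overlap
]

def classify_overlaps(segments):
    """Return {src_ip: Counter} counting 'consistent' and 'inconsistent' overlapping segments."""
    seen = defaultdict(dict)      # flow -> {sequence number: byte already seen there}
    table = defaultdict(Counter)  # src_ip -> overlap counts
    for src, sport, dst, dport, seq, payload in segments:
        flow = (src, sport, dst, dport)
        overlap = conflict = False
        for i, byte in enumerate(payload):
            off = (seq + i) % 2**32          # TCP sequence numbers wrap at 32 bits
            old = seen[flow].get(off)
            if old is None:
                seen[flow][off] = byte       # first time this sequence number carries data
            else:
                overlap = True
                conflict = conflict or old != byte
        if overlap:
            table[src]["inconsistent" if conflict else "consistent"] += 1
    return table

def group_by_prefix(table, prefix_len=24):
    """Roll per-IP counts up to network prefixes to make grouping visible."""
    groups = Counter()
    for src, counts in table.items():
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        groups[str(net)] += sum(counts.values())
    return groups

if __name__ == "__main__":
    result = classify_overlaps(SEGMENTS)
    for ip, counts in sorted(result.items()):
        print(ip, dict(counts))
    print(dict(group_by_prefix(result)))
```

The per-byte map keeps the example short; on real capture volumes an interval structure per flow would be the practical choice.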
Current thread:
- TCP segments with overlapping data miedaner (Dec 04)
- Re: TCP segments with overlapping data Ng Pheng Siong (Dec 05)
- <Possible follow-ups>
- Re: TCP segments with overlapping data Vern Paxson (Dec 05)