Firewall Wizards mailing list archives
RE: Re: TCP segments with overlapping data
From: "Kowsik Guruswamy" <kowsik () doublek net>
Date: Mon, 29 Apr 2002 08:24:29 -0700
Depends. Just because you get overlapping TCP segments isn't a problem and you shouldn't be alerted on it. OTOH, overlapping TCP segments with different data in the overlapping part is definitely an issue. Different stacks interpret this in different ways (first arrived segment, the last arrived segment, the one with the right timestamp - PAWS, etc...). A sniffer-based IDS cannot in general determine what the target OS will do with the packet. Someone could easily evade your IDS using this mechanism.

K.

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of Michael Szie Wee Kwang
Sent: Thursday, April 25, 2002 9:25 PM
To: firewall-wizards () nfr com
Subject: [fw-wiz] Re: TCP segments with overlapping data

Hi,

TCP overlapping reported by IDS is not any issue at all, am I right?

Regards
Michael
michaelszie () jos com sg

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
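The distinction drawn in the reply above, as an added Python example that is not part of the original message or the list archive: it separates overlaps whose bytes agree (ordinary retransmission) from overlaps whose bytes differ, and shows that first-arrival and last-arrival reassembly then produce different streams. The function names and sample segments are constructed for illustration; sequence numbers are assumed relative to the start of the stream, with no wraparound and no holes.

```python
def reassemble(segments, policy):
    """Rebuild the stream from (seq, payload) pairs given in arrival order.

    policy "first": bytes already received are kept.
    policy "last":  later arrivals overwrite earlier bytes.
    """
    stream = {}
    for seq, payload in segments:
        for i, byte in enumerate(payload):
            if policy == "last" or seq + i not in stream:
                stream[seq + i] = byte
    return bytes(stream[k] for k in sorted(stream))


def find_overlaps(segments):
    """Return (first_offset, overlapping_bytes, consistent) per overlapping segment.

    consistent is False when any overlapping byte differs from what was
    seen first: the case a passive sensor cannot resolve on its own.
    """
    seen = {}
    findings = []
    for seq, payload in segments:
        overlap = [seq + i for i in range(len(payload)) if seq + i in seen]
        if overlap:
            consistent = all(seen[o] == payload[o - seq] for o in overlap)
            findings.append((overlap[0], len(overlap), consistent))
        for i, byte in enumerate(payload):
            seen.setdefault(seq + i, byte)
    return findings


# Constructed sample data: (relative sequence number, payload).
RETRANSMIT = [(0, b"hello "), (3, b"lo world")]   # overlap carries same bytes
CONFLICT = [(0, b"hello "), (3, b"LO world")]     # overlap carries different bytes

if __name__ == "__main__":
    for name, segs in (("retransmit", RETRANSMIT), ("conflict", CONFLICT)):
        for offset, length, consistent in find_overlaps(segs):
            verdict = "ignore" if consistent else "ALERT: inconsistent overlap"
            print(f"{name}: overlap at {offset}, {length} bytes -> {verdict}")
        print("  first-wins:", reassemble(segs, "first"))
        print("  last-wins: ", reassemble(segs, "last"))
```

A sensor that alerts only when `consistent` is false stays quiet on normal retransmissions while still flagging the one case where its view and the end host's view of the stream can diverge.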