IDS mailing list archives

RE: Type of Attack Vector


From: "avi chesla" <chess4_4 () hotmail com>
Date: Sat, 04 Feb 2006 00:34:30 +0200

It is indeed not well documented.
The reason for that is maybe because stateful firewalls and IPSs will simply drop ACK packets participating in this attack, i.e., out-of-session ACK packets are dropped, thus the attack is prevented without any specific log that really identifies it. Regarding in-session Fast Repeat Ack, this type is more difficult to accurately detect and prevent (but possible, of course). Most firewalls and IPSs will not detect it.
You can search for "Ack Storm"; you might find more information about it.

Avi C


From: jono29 () gmail com
To: focus-ids () securityfocus com
Subject: Type of Attack Vector
Date: 25 Jan 2006 15:11:22 -0000

Hi List,

I have recently come across a type of attack vector named "Fast Repeat Ack". Having searched through various sources of information such as MySDN and MSDN, I have been unable to find anything specific to this vector, although I have found a lot of info on the other connection-orientated attacks such as Syn Flood and Half Open Syn. Any information will be greatly received, and any links to useful sources appreciated.

Thanks for your time,
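
The distinction drawn in the reply above, as an added sketch that is not part of either post: a minimal state table labels ACKs with no matching session (the case a stateful device drops silently) and separately counts repeated in-session ACKs. The time window, repeat threshold, tuple layout and sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 1.0      # seconds; assumed value
MAX_REPEATS = 10  # assumed; kept well above the 3 duplicate ACKs of TCP fast retransmit

def classify(packets):
    """Label each packet 'ok', 'out-of-session-ack', 'out-of-session' or 'fast-repeat-ack'.

    packets: iterable of (ts, src, sport, dst, dport, flags, ack_no, payload_len),
    with flags given as a string such as 'S', 'SA', 'A' or 'R'.
    """
    sessions = set()              # flows for which a SYN has been seen
    repeats = defaultdict(deque)  # (direction, ack_no) -> timestamps inside WINDOW
    verdicts = []
    for ts, src, sport, dst, dport, flags, ack_no, plen in packets:
        flow = frozenset(((src, sport), (dst, dport)))
        if "S" in flags:                      # SYN or SYN/ACK creates or keeps state
            sessions.add(flow)
            verdicts.append("ok")
        elif flow not in sessions:            # no state: dropped by a stateful device
            verdicts.append("out-of-session-ack" if "A" in flags else "out-of-session")
        elif "R" in flags:                    # reset tears the session down
            sessions.discard(flow)
            verdicts.append("ok")
        elif flags == "A" and plen == 0:      # pure ACK inside a known session
            seen = repeats[(src, sport, dst, dport, ack_no)]
            seen.append(ts)
            while ts - seen[0] > WINDOW:      # forget ACKs older than the window
                seen.popleft()
            verdicts.append("fast-repeat-ack" if len(seen) > MAX_REPEATS else "ok")
        else:
            verdicts.append("ok")
    return verdicts

def sample_packets():
    """Constructed traffic using documentation addresses, not a real capture."""
    c, s, x = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    pkts = [(0.00, c, 40000, s, 80, "S", 0, 0),
            (0.01, s, 80, c, 40000, "SA", 1, 0),
            (0.02, c, 40000, s, 80, "A", 1, 0)]
    pkts += [(0.10 + i / 100, c, 40000, s, 80, "A", 1001, 0) for i in range(3)]   # normal dup ACKs
    pkts.append((0.20, x, 5555, s, 80, "A", 7, 0))                                # no session state
    pkts += [(0.50 + i / 100, c, 40000, s, 80, "A", 2001, 0) for i in range(12)]  # in-session burst
    return pkts
```

Logging the out-of-session verdict, rather than only dropping, gives the specific record the reply notes is usually missing.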
