IDS mailing list archives
RE: Type of Attack Vector
From: "avi chesla" <chess4_4 () hotmail com>
Date: Sat, 04 Feb 2006 00:34:30 +0200
It is indeed not well documented.The reason for that is maybe because stateful firewalls and IPSs will simply drop ACK packets participating in this attack ,i.e., out-of-session Ack packets are dropped, thus the attack is prevented without any specific log that really identify it. Regarding in-session Fast Repeat Ack, this type is more difficult to accurately detect and prevent (but possible of course). Most firewalls and IPS will not detect it.
You can search for "Ack Storm", you might find more information about it Avi C
From: jono29 () gmail com To: focus-ids () securityfocus com Subject: Type of Attack Vector Date: 25 Jan 2006 15:11:22 -0000 Hi List,I have recently come across a type of attack vector named "Fast Repeat Ack". Having searched through various sources of information such as MySDN and MSDN I have been unable to find anything specific to this vector, although I have found alot of info on the other connection orientated attacks such as Syn Flood and Half Open Syn. Any information will be greatly received, and any links to useful sources appreciated.Thanks for your time, ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
_________________________________________________________________Don't just search. Find. Check out the new MSN Search! http://search.msn.com/
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- RE: Type of Attack Vector Johann van Duyn (Feb 02)
- <Possible follow-ups>
- RE: Type of Attack Vector avi chesla (Feb 07)