IDS mailing list archives
TCP: a practical question
From: "snort user" <snort.user () gmail com>
Date: Thu, 17 Jan 2008 16:55:56 -0500
Greetings. Normally TCP connection establishment is a three packet sequence. C -> S (Syn) S -> C (Syn|Ack) C -> S (Ack) TCP specification (rfc 793) mentions about a simultaneous open and it's use in distributed set ups. In this case the handshake would proceed as follows: C -> S (Syn) .. 1 S -> C (Syn) .. 2 (1 and 2 happends almost simultaneously) C -> S (Syn|Ack) S -> C (Syn|Ack) My question is do we see this behavior in the practical world ? Thanks Ashley ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- TCP: a practical question snort user (Jan 17)
- Re: TCP: a practical question Adam Powers (Jan 18)
- Message not available
- Re: TCP: a practical question Fernando Gont (Jan 18)
- Re: TCP: a practical question crazy frog crazy frog (Jan 21)
- Message not available
- Re: TCP: a practical question Fernando Gont (Jan 21)
- Re: TCP: a practical question crazy frog crazy frog (Jan 21)
- Re: TCP: a practical question "Zow" Terry Brugger (Jan 23)
- Re: TCP: a practical question Fernando Gont (Jan 18)