Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: TCP: a practical question

from [John Kinsella] Network Security [Permanent Link]
Subject: Re: TCP: a practical question
Date: Thu, 31 Jan 2008 12:36:43 -0800 
Hi Ashley - 

I remember Dan Kaminsky talking about implementing this with Anyron at
CodeCon 2002, I'm not sure if it ever saw the light of day, though...

http://www.codecon.org/2002/program.html#gateway

John

On Thu, Jan 17, 2008 at 04:55:56PM -0500, snort user wrote:

Greetings.

Normally TCP connection establishment is a three packet sequence.

C -> S (Syn)
S -> C (Syn|Ack)
C -> S (Ack)

TCP specification (rfc 793) mentions about a simultaneous open and
it's use in distributed set ups.
In this case the handshake would proceed as follows:

C -> S (Syn) .. 1
S -> C (Syn) .. 2
(1 and 2 happends almost simultaneously)
C -> S (Syn|Ack)
S -> C (Syn|Ack)

My question is do we see this behavior in the practical world ?

Thanks
Ashley

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: TCP: a practical question, John Kinsella <=
Previous by Date:  Re: Bayesian IDS...help, Dinakara
Next by Date:  RE: Bayesian IDS...help, Craig Wright
Previous by Thread:  RootKits Under Linux, Ahmed Zaki
Next by Thread:  host based IDS for ERP, network . q
Indexes:  [Date] [Thread] [Top] [All Lists]