Detect "quantum insert" type of attacks

Description

Add detection for "quantum insert" type of attacks. Since the leaked information is classified, I will try to explain in unclassified form what it is about.

The idea is that you have a passive adversary that sniff your TCP sequence numbers and inject its malicious payload faster than the real server.

One of the leaked documents mentions as an alerting mechanism to detect duplicate TCP sequence numbers from same source, where at least 10% of the beginning of the content of the two packets differs.

Environment

None

Status

Assignee

Unassigned

Reporter

David André

Labels

None

External issue ID

None

Components

Priority

Normal