Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Bro
    • Labels:
      None

      Description

      Add detection for "quantum insert" type of attacks. Since the leaked information is classified, I will try to explain in unclassified form what it is about.

      The idea is that you have a passive adversary that sniffs your TCP sequence numbers and injects its malicious payload faster than the real server.

      One of the leaked documents mentions, as an alerting mechanism, detecting duplicate TCP sequence numbers from the same source, where at least 10% of the beginning of the content of the two packets differs.

            People

            • Assignee:
              Unassigned
              Reporter:
              elhoim David André
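One way to express the duplicate-sequence check described in the ticket, as an added Python example (not code from the ticket or from Bro). It assumes segments are already parsed into records and reads "10% of the beginning" as the fraction of differing bytes within the first `PREFIX_LEN` bytes both payloads share; the record fields, `PREFIX_LEN` and the sample traffic are constructed for illustration.

```python
from collections import namedtuple

# Constructed segment record; the field names are this example's own.
Segment = namedtuple("Segment", "src sport dst dport seq payload")

DIFF_THRESHOLD = 0.10   # "at least 10%" from the ticket
PREFIX_LEN = 128        # assumed size of "the beginning of the content"


def prefix_diff_ratio(a: bytes, b: bytes, prefix_len: int = PREFIX_LEN) -> float:
    """Fraction of differing bytes in the leading overlap of two payloads."""
    n = min(len(a), len(b), prefix_len)
    if n == 0:
        return 0.0
    return sum(x != y for x, y in zip(a[:n], b[:n])) / n


def find_conflicting_duplicates(segments):
    """Return (first, second, ratio) for same-source, same-seq segments that differ."""
    seen = {}      # (src, sport, dst, dport, seq) -> first segment seen
    alerts = []
    for seg in segments:
        if not seg.payload:          # pure ACKs carry no content to compare
            continue
        key = (seg.src, seg.sport, seg.dst, seg.dport, seg.seq)
        first = seen.setdefault(key, seg)
        if first is seg:             # first time this sequence number is seen
            continue
        ratio = prefix_diff_ratio(first.payload, seg.payload)
        if ratio >= DIFF_THRESHOLD:  # identical retransmissions score 0.0
            alerts.append((first, seg, ratio))
    return alerts


# Constructed capture: one conflicting duplicate, one benign retransmission, two bare ACKs.
SRV = ("192.0.2.10", 80, "198.51.100.7", 51000)
SAMPLE = [
    Segment(*SRV, 1000, b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"),
    Segment(*SRV, 1000, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    Segment(*SRV, 2000, b"retransmitted data"),
    Segment(*SRV, 2000, b"retransmitted data"),
    Segment(*SRV, 3000, b""),
    Segment(*SRV, 3000, b""),
]

if __name__ == "__main__":
    for first, second, ratio in find_conflicting_duplicates(SAMPLE):
        print(f"seq {first.seq} from {first.src}:{first.sport}: {ratio:.0%} of prefix differs")
```

A production detector would also need to expire old state and handle retransmissions that are re-segmented at a different offset, which this per-sequence-number lookup does not cover.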