David André created BIT-1314:
--------------------------------

             Summary: Detect "quantum insert" type of attacks
                 Key: BIT-1314
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1314
             Project: Bro Issue Tracker
          Issue Type: New Feature
          Components: Bro
            Reporter: David André


Add detection for "quantum insert" type of attacks. Since the leaked 
information is classified, I will try to explain in unclassified form what it 
is about.

The idea is that you have a passive adversary that sniffs your TCP sequence 
numbers and injects its malicious payload faster than the real server.

One of the leaked documents mentions as an alerting mechanism detecting 
duplicate TCP sequence numbers from the same source, where at least 10% of the 
beginning of the content of the two packets differs.




_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
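
The alerting rule described in the issue, as an added Python example that is not part of the original message or of Bro's code. It assumes "at least 10% differs" means the fraction of differing bytes over the common-length prefix of the two payloads; the `Segment` record, function names and sample traffic are constructed for illustration.

```python
from collections import namedtuple

# Constructed record: flow endpoints, TCP sequence number, payload bytes.
Segment = namedtuple("Segment", "src sport dst dport seq payload")

DIFF_THRESHOLD = 0.10  # the "at least 10%" figure from the issue text


def prefix_diff_ratio(a: bytes, b: bytes) -> float:
    """Fraction of differing bytes over the common-length prefix (assumed metric)."""
    n = min(len(a), len(b))
    if n == 0:
        return 0.0
    return sum(x != y for x, y in zip(a, b)) / n


def find_conflicting_duplicates(segments, threshold=DIFF_THRESHOLD):
    """Return (first, second, ratio) for every same-source duplicate sequence
    number whose payload differs from the first one seen by >= threshold."""
    first_seen = {}
    alerts = []
    for seg in segments:
        if not seg.payload:  # pure ACKs legitimately repeat a sequence number
            continue
        key = (seg.src, seg.sport, seg.dst, seg.dport, seg.seq)
        prev = first_seen.get(key)
        if prev is None:
            first_seen[key] = seg
            continue
        ratio = prefix_diff_ratio(prev.payload, seg.payload)
        if ratio >= threshold:  # identical retransmissions give 0.0 and pass
            alerts.append((prev, seg, ratio))
    return alerts


# Constructed sample traffic (documentation addresses, made-up payloads).
SAMPLE = [
    Segment("192.0.2.10", 80, "198.51.100.5", 40000, 1001,
            b"HTTP/1.1 302 Found\r\nLocation: /a\r\n"),
    Segment("192.0.2.10", 80, "198.51.100.5", 40000, 1001,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n"),
    # Plain retransmission: same sequence number, identical bytes.
    Segment("192.0.2.10", 80, "198.51.100.5", 40000, 2001, b"hello world"),
    Segment("192.0.2.10", 80, "198.51.100.5", 40000, 2001, b"hello world"),
]

if __name__ == "__main__":
    for first, second, ratio in find_conflicting_duplicates(SAMPLE):
        print(f"seq {first.seq} from {first.src}:{first.sport}: "
              f"{ratio:.0%} of common prefix differs")
```

The check compares only segments that start at the same sequence number; overlaps at different offsets would need comparison at the reassembly level.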
