[
https://bro-tracker.atlassian.net/browse/BIT-1314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Seth Hall updated BIT-1314:
---------------------------
Resolution: Fixed
Status: Closed (was: Open)
This is already merged into master and is usable from there and will be a
standard feature of 2.5.
> Detect "quantum insert" type of attacks
> ---------------------------------------
>
> Key: BIT-1314
> URL: https://bro-tracker.atlassian.net/browse/BIT-1314
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Reporter: David André
>
> Add detection for "quantum insert" type of attacks. Since the leaked
> information is classified, I will try to explain in unclassified form what it
> is about.
> The idea is that you have a passive adversary that sniff your TCP sequence
> numbers and inject its malicious payload faster than the real server.
> One of the leaked documents mentions as an alerting mechanism to detect
> duplicate TCP sequence numbers from same source, where at least 10% of the
> beginning of the content of the two packets differs.
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-02-259#70102)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
