Hi Ashley - I remember Dan Kaminsky talking about implementing this with Anyron at CodeCon 2002, I'm not sure if it ever saw the light of day, though...
http://www.codecon.org/2002/program.html#gateway John On Thu, Jan 17, 2008 at 04:55:56PM -0500, snort user wrote: > Greetings. > > Normally TCP connection establishment is a three packet sequence. > > C -> S (Syn) > S -> C (Syn|Ack) > C -> S (Ack) > > TCP specification (rfc 793) mentions about a simultaneous open and > it's use in distributed set ups. > In this case the handshake would proceed as follows: > > C -> S (Syn) .. 1 > S -> C (Syn) .. 2 > (1 and 2 happends almost simultaneously) > C -> S (Syn|Ack) > S -> C (Syn|Ack) > > My question is do we see this behavior in the practical world ? > > Thanks > Ashley > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > > to learn more. > ------------------------------------------------------------------------ > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
