Wenrui Guo wrote:
Yes, Suspicious network packet means hacked TCP packet. Actually close
connection between these peers can avoid subsequent hacked packet?
The connection being closed, it's hard for the client to send a new
hacked packet ;)
But
It relies on the mechanism how to recognize if a network packet is
hacked?
You are implementing a protocol which describes the packet structure. In
any case,
you should be able, at the protocol decoding levle, to detect hacked
packets.
For example, if network packet should starts with a length field
indicates the whole length of a complete packet, a hacked packet perhaps
sends out packets with wrong length field, How do you decide if it's
valid or not?
By checking that the size is correct ... This is again at the protocol
level that you can do that.
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
