BIT-1314: Add detection for Quantum Insert attacks

TCP_Reassembler can now keep a history of old TCP segments using the
`tcp_max_old_segments` option. A value of zero will disable it.

An overlapping segment with different data can indicate a possible
TCP injection attack. The rexmit_inconsistency event will fire if this
is the case.
Yun Zheng Hu 2015-05-28 12:11:06 +02:00
parent 5147b0bb02
commit b386b2ba51
5 changed files with 87 additions and 1 deletions
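The check the commit message describes, kept as a bounded history of past segments and a comparison of the overlapping bytes of each new segment against it, written here as a stand-alone illustration (added example, not Bro/Zeek's TCP_Reassembler code; the class and function names are invented, sequence numbers are assumed not to wrap, and the sample segments are constructed):

```cpp
#include <algorithm>
#include <cstdint>
#include <deque>
#include <string>

// One TCP segment: starting sequence number and payload bytes.
struct Segment { uint32_t seq; std::string data; };

// Bounded history of old segments, in the spirit of tcp_max_old_segments.
// A maximum of zero disables the history (and therefore the check).
class OldSegmentHistory {
 public:
  explicit OldSegmentHistory(size_t max_old) : max_old_(max_old) {}

  // Returns true when `seg` overlaps a remembered segment but carries
  // different bytes in the overlap: the "rexmit inconsistency" that a
  // TCP injection attempt (e.g. Quantum Insert) leaves behind. An
  // identical retransmission returns false. Sequence wrap-around is
  // deliberately ignored here for brevity.
  bool Check(const Segment& seg) {
    if (max_old_ == 0) return false;  // history disabled
    bool inconsistent = false;
    const uint64_t new_end = seg.seq + static_cast<uint64_t>(seg.data.size());
    for (const Segment& old : history_) {
      const uint64_t old_end = old.seq + static_cast<uint64_t>(old.data.size());
      const uint64_t start = std::max<uint64_t>(old.seq, seg.seq);
      const uint64_t end = std::min(old_end, new_end);
      if (start >= end) continue;  // no byte range in common
      const size_t n = static_cast<size_t>(end - start);
      if (old.data.compare(start - old.seq, n, seg.data, start - seg.seq, n) != 0)
        inconsistent = true;  // same sequence range, different payload
    }
    history_.push_back(seg);
    if (history_.size() > max_old_) history_.pop_front();  // drop the oldest
    return inconsistent;
  }

 private:
  size_t max_old_;
  std::deque<Segment> history_;
};

// Constructed sample stream: a benign retransmission followed by an
// overlapping segment whose bytes differ. Returns how many segments
// triggered the inconsistency signal (expected: 1).
int CountInconsistencies() {
  OldSegmentHistory h(16);
  int fired = 0;
  fired += h.Check({1000, "HTTP/1.1 200 OK\r\n"});
  fired += h.Check({1000, "HTTP/1.1 200 OK\r\n"});   // identical retransmit
  fired += h.Check({1000, "HTTP/1.1 302 Found\r\n"}); // same seq, new data
  return fired;
}
```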


@ -49,6 +49,7 @@ double tcp_partial_close_delay;
int tcp_max_initial_window;
int tcp_max_above_hole_without_any_acks;
int tcp_excessive_data_without_further_acks;
int tcp_max_old_segments;
RecordType* socks_address;
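Review bot: the new global `int tcp_max_old_segments;` carries no comment stating its unit (a count of remembered segments) or that zero disables the history, which is only documented in the commit message; a one-line comment on the declaration, matching the neighbouring `tcp_*` limits, would keep that semantics next to the variable, and the corresponding declaration in the header should be updated in the same change so the reassembler can see it.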
@ -354,6 +355,7 @@ void init_net_var()
opt_internal_int("tcp_max_above_hole_without_any_acks");
tcp_excessive_data_without_further_acks =
opt_internal_int("tcp_excessive_data_without_further_acks");
tcp_max_old_segments = opt_internal_int("tcp_max_old_segments");
socks_address = internal_type("SOCKS::Address")->AsRecordType();
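Review bot: `tcp_max_old_segments = opt_internal_int("tcp_max_old_segments");` accepts whatever the script layer provides, including a negative value, for which the commit message defines no meaning (only zero is specified as "disable"); consider rejecting or clamping negative values here at init time so that the reassembler's history bound is always a well-defined non-negative count.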