mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 08:08:19 +00:00
BIT-1314: Add detection for Quantum Insert attacks
TCP_Reassembler can now keep a history of old TCP segments using the `tcp_max_old_segments` option. A value of zero will disable it. An overlapping segment with different data can indicate a possible TCP injection attack. The rexmit_inconsistency event will fire if this is the case.
This commit is contained in:
Yun Zheng Hu
parent
5147b0bb02
commit
b386b2ba51
5 changed files with 87 additions and 1 deletions
|
|
@ -52,6 +52,7 @@ extern double tcp_reset_delay;
|
|||
extern int tcp_max_initial_window;
|
||||
extern int tcp_max_above_hole_without_any_acks;
|
||||
extern int tcp_excessive_data_without_further_acks;
|
||||
extern int tcp_max_old_segments;
|
||||
|
||||
extern RecordType* socks_address;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue