BIT-1314: Add detection for Quantum Insert attacks

TCP_Reassembler can now keep a history of old TCP segments using the
`tcp_max_old_segments` option. A value of zero will disable it.

An overlapping segment with different data can indicate a possible
TCP injection attack. The rexmit_inconsistency event will fire if this
is the case.
Yun Zheng Hu 2015-05-28 12:11:06 +02:00
parent 5147b0bb02
commit b386b2ba51
5 changed files with 87 additions and 1 deletions


@ -42,6 +42,9 @@ TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer,
seq_to_skip = 0;
in_delivery = false;
if ( tcp_max_old_segments )
SetMaxOldBlocks(tcp_max_old_segments);
if ( tcp_contents )
{
// Val dst_port_val(ntohs(Conn()->RespPort()), TYPE_PORT);
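Review bot: The guard `if ( tcp_max_old_segments )` in the constructor only tests for non-zero and then passes the option straight to `SetMaxOldBlocks()`, so the history size is whatever the script layer supplies, with no upper bound and no comment about the cost. Since this runs in the `TCP_Reassembler` constructor, every reassembler created while the option is set will retain up to that many old segments, which makes the setting a per-connection memory multiplier on busy links. I would add a short comment here stating that zero disables the history and that the value is a count of retained segments per reassembler, and either clamp the value to a sane maximum or document the expected range next to the option's definition. If the option's type allows negative values (not visible in this hunk), the test should be `tcp_max_old_segments > 0` rather than a truthiness check.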