Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 05:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'topic/yunzheng/bit-1314'

Browse source 
I've worked on this a bit more:

    - Added tcp_max_old_segments to init-bare.bro.
    - Removed the existing call to Overlap() as that now led to
      duplicate events.
    - Fixed the code checking for overlaps, as it didn't catch all the
      cases.

BIT-1314 #merged
GitHub #31 merged

* topic/yunzheng/bit-1314:
  BIT-1314: Added QI test for rexmit_inconsistency
  BIT-1314: Add detection for Quantum Insert attacks
This commit is contained in:
Robin Sommer 2015-06-28 13:02:41 -07:00
commit c1f060be63
12 changed files with 139 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/base/init-bare.bro
View file

@ -954,6 +954,11 @@ const tcp_max_above_hole_without_any_acks = 16384 &redef;
## .. bro:see:: tcp_max_initial_window tcp_max_above_hole_without_any_acks
const tcp_excessive_data_without_further_acks = 10 * 1024 * 1024 &redef;
## Number of TCP segments to buffer beyond what's been acknowledged already
## to detect retransmission inconsistencies. Zero disables any additonal
## buffering.
const tcp_max_old_segments = 0 &redef;
## For services without a handler, these sets define originator-side ports
## that still trigger reassembly.
##