stream: detect overlapping data in stream reassembly
Resending of different data in TCP streams is a way to attempt to evade the IDS/IPS. Detect such resends.
Updated by Victor Julien about 11 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
commit 6f76ac176d70d85fa2a5719dacdc8fef0ef074dc
Author: Victor Julien <email@example.com>
Date: Thu Oct 11 21:02:56 2012 +0200

    stream: add option to match on overlapping data

    Set event on overlapping data segments that have different data.

    Add stream-events option stream-event:reassembly_overlap_different_data
    and add an example rule.

    Issue 603.
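The check this issue describes, as an added C sketch that is not Suricata's code and not part of the original ticket: an arriving segment is compared byte-for-byte against the part of each queued segment it overlaps, using wrap-safe sequence arithmetic. The `struct seg` layout, the function names and the sample payloads are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reassembly-queue entry: sequence number, length, payload. */
struct seg { uint32_t seq; uint16_t len; const uint8_t *data; };

/* Wrap-safe "a comes before b" in 32-bit TCP sequence space. */
static int seq_lt(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Returns 1 when nw overlaps old AND the shared bytes differ, else 0. */
int overlap_differs(const struct seg *old, const struct seg *nw)
{
    uint32_t old_end = old->seq + old->len, new_end = nw->seq + nw->len;
    uint32_t start = seq_lt(old->seq, nw->seq) ? nw->seq : old->seq;
    uint32_t end = seq_lt(old_end, new_end) ? old_end : new_end;
    if (!seq_lt(start, end)) return 0;  /* adjacent or disjoint: no overlap */
    return memcmp(old->data + (start - old->seq),
                  nw->data + (start - nw->seq), end - start) != 0;
}

/* Check an arriving segment against every segment already queued. */
int queue_has_conflict(const struct seg *q, size_t n, const struct seg *nw)
{
    for (size_t i = 0; i < n; i++)
        if (overlap_differs(&q[i], nw))
            return 1;
    return 0;
}

/* Constructed sample data (not captured traffic). */
static const struct seg queued[] = {
    { 1000u, 8, (const uint8_t *)"GET /ind" },
    { 0xFFFFFFFCu, 8, (const uint8_t *)"AAAABBBB" },   /* spans seq wrap */
};
static const struct seg same_resend = { 1004u, 4, (const uint8_t *)"/ind" };
static const struct seg diff_resend = { 1004u, 6, (const uint8_t *)"/adm??" };
static const struct seg next_in_order = { 1008u, 4, (const uint8_t *)"ex.h" };
static const struct seg wrap_diff = { 0u, 4, (const uint8_t *)"BBBX" };

int main(void)
{
    printf("same=%d diff=%d next=%d wrap=%d\n",
           queue_has_conflict(queued, 2, &same_resend),
           queue_has_conflict(queued, 2, &diff_resend),
           queue_has_conflict(queued, 2, &next_in_order),
           queue_has_conflict(queued, 2, &wrap_diff));
    return 0;
}
```

An identical retransmission and the next in-order segment raise nothing; only overlaps whose shared bytes disagree are flagged, including one that straddles the sequence-number wrap.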