Project

General

Profile

Actions
Copy link

Feature #603

closed

stream: detect overlapping data in stream reassembly

Added by Victor Julien over 11 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
1.4beta3
Effort:
Difficulty:
Label:

Description

Resending of different data in TCP streams is a way to attempt to evade the IDS/IPS. Detect such resends.

Actions
Copy link
 #1

Updated by Victor Julien over 11 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Solved by:

commit 6f76ac176d70d85fa2a5719dacdc8fef0ef074dc
Author: Victor Julien <victor@inliniac.net>
Date:   Thu Oct 11 21:02:56 2012 +0200

    stream: add option to match on overlapping data

    Set event on overlapping data segments that have different data.

    Add stream-events option stream-event:reassembly_overlap_different_data and
    add an example rule.

    Issue 603.
Actions
Copy link

Also available in: Atom PDF