Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Date: Fri Nov 30 2001 - 02:26:59 CST
> Are overlapping packets witnessed in the wild ?
Yes. See section 7.3, "Crud seen on a DMZ", of:
> Is it quite unusual ?
I'd say on average, at LBL we see a few each day, though that's out of a
large traffic stream.
> Are there somewhat special protocols making use of overlapping
> data at ip or tcp level ?
There shouldn't be any that "make use" of it to try to achieve some effect.
A worry, though, is whether legitimate apps might inadvertantly generate
these, and then you'll terminate their connections unnecessarily. From
my experience, yes, legitimate apps do these sorts of things sometimes,
but they're quite rare.
> <2> mitigate IDS desynchronization and more generally issues with content
In this context, you might want to check out