|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jeff Nathan (jeff_at_wwti.com)
Date: Fri Oct 18 2002 - 11:34:52 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --On Friday, October 18, 2002 21:45:01 +1000 Darryl Luff
<darryl
snakegully.nu> wrote:
[...]
> I imagine that the easiest way would be to pick an unknown IP or TCP
> option number and insert your own options field into the IP or TCP
> header. This keeps your data separate from the TCP connection data. I
> think that an option field can be up to 253 bytes of data?
>
> Do any IDS systems trigger on unrecognised option fields?
>
>
> Darryl Luff
In TCP and IP headers, the options length is limited to 40 bytes as the
header length field is 4 bits in length.
Many NIDS make a respectable attempt at normalizing and parsing options
data contextually.
- -Jeff
- --
http://jeff.wwti.com (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen."
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)
iD8DBQE9sDgwEqr8+Gkj0/0RAjseAJwLBvokhPedulRqI2xa8/lF4vAvxACfRwSa
++woesdmHZXyZ8HD1JiLlZY=
=uNz9
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]