[Bro] add detect bad tcp options ?
vern at icir.org
Sun Jun 27 16:21:49 PDT 2004
> I received this packet,
> but bro not detect bad tcp options,
> possible pb on bro ?
> because 'bad tcp cksum' ?
If the TCP checksum is bad, then the packet is ill-formed. It does not
make sense in that case to complain about a bad option, since the packet
cannot be processed in any case.
> why bro detect OTH ?
Because the connection is not in a well-defined state. Bro does *not*
consider it to have corresponded to a SYN being sent, because the packet
carrying the SYN was ill-formed. For all it can tell, part of the damage
to the packet might have been to the control flags, and the SYN setting
More information about the Bro