[Bro] tcp off-path exploit

philosnef philosnef at yahoo.com
Thu Aug 11 08:18:34 PDT 2016

Is it possible to flag these exploit attempts? From the look of things, it seems reasonable to think that the connection information in conn.log could be used to trace this, due to the very particular way it hands syn/ack requests.