[Bro-Dev] [JIRA] (BIT-1314) Detect "quantum insert" type of attacks

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Fri Sep 4 05:42:00 PDT 2015


     [ https://bro-tracker.atlassian.net/browse/BIT-1314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Seth Hall updated BIT-1314:
---------------------------
    Resolution: Fixed
        Status: Closed  (was: Open)

This is already merged into master and is usable from there and will be a standard feature of 2.5.

> Detect "quantum insert" type of attacks
> ---------------------------------------
>
>                 Key: BIT-1314
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1314
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>            Reporter: David André
>
> Add detection for "quantum insert" type of attacks. Since the leaked information is classified, I will try to explain in unclassified form what it is about.
> The idea is that you have a passive adversary that sniff your TCP sequence numbers and inject its malicious payload faster than the real server.
> One of the leaked documents mentions as an alerting mechanism to detect duplicate TCP sequence numbers from same source, where at least 10% of the beginning of the content of the two packets differs.



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-02-259#70102)



More information about the bro-dev mailing list