[Bro] tcp off-path exploit
philosnef
philosnef at yahoo.com
Thu Aug 11 08:18:34 PDT 2016
Is it possible to flag these exploit attempts? From the look of things, it seems reasonable to think that the connection information in conn.log could be used to trace this, due to the very particular way it handles syn/ack requests.