trickery

• Non-standard parts of standards

  • IP fragment overlap behavior
  • TCP sequence number overlap behavior
  • Invalid combinations of TCP options

• Other ways to force a disparity between the monitor and the end-station

  • TTL
  • Checksum
  • Overflowing monitor buffers

See http://www.secnet.com/papers/ids-html/ for detailed examples

Previous slide

Next slide

Back to first slide

View graphic version