IDS mailing list archives
Re: TCP: a practical question
From: Adam Powers <apowers () lancope com>
Date: Fri, 18 Jan 2008 10:48:25 -0500
I think you're referring to a part of the RFC that is attempting to describe passive and active opens. They were just making a point that both TCPs could establish connections at the same time in opposite directions on the same service port without failure. IMO, this kind of asynchronous communication over multiple sockets within an application is quite common, though something of a pain to maintain as NATs and other translation layers will often break at least one direction of the packet flow.

On 1/17/08 4:55 PM, "snort user" <snort.user () gmail com> wrote:
Greetings.

Normally TCP connection establishment is a three packet sequence.

C -> S (Syn)
S -> C (Syn|Ack)
C -> S (Ack)

TCP specification (RFC 793) mentions a simultaneous open and its use in distributed set ups. In this case the handshake would proceed as follows:

C -> S (Syn) .. 1
S -> C (Syn) .. 2 (1 and 2 happen almost simultaneously)
C -> S (Syn|Ack)
S -> C (Syn|Ack)

My question is do we see this behavior in the practical world?

Thanks
Ashley

------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
--
Adam Powers
Chief Technology Officer
Lancope, Inc.
c. 678.725.1028
f. 678.302.8744
e. adam () lancope com
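The two handshakes listed in the question, as an added example that is not part of the thread: a small tracker that a sensor could use to tell a three-way handshake from an RFC 793 simultaneous open on one connection. The function name, the `(src, dst, flags, seq, ack)` tuple layout and the sample segments are constructed for illustration; the endpoint names C and S follow the question.

```python
# Added example (not from the thread): classify how a TCP connection was opened.
SYN, ACK = "S", "A"

def classify_handshake(segments):
    """segments: iterable of (src, dst, flags, seq, ack) for one connection.
    Returns 'three-way', 'simultaneous-open' or 'incomplete'."""
    isn = {}            # endpoint -> initial sequence number it announced
    bare_syn = set()    # endpoints that sent a SYN without ACK
    synack_ok = set()   # endpoints whose SYN|ACK acknowledged the peer's SYN
    for src, dst, flags, seq, ack in segments:
        flags = set(flags)
        if flags == {SYN}:
            isn.setdefault(src, seq)
            bare_syn.add(src)
        elif flags == {SYN, ACK}:
            if dst not in isn or ack != isn[dst] + 1:
                continue            # does not acknowledge the peer's SYN
            if src in isn and seq != isn[src]:
                continue            # a re-sent SYN must reuse the original ISN
            isn.setdefault(src, seq)
            synack_ok.add(src)
        elif flags == {ACK}:
            # Final ACK of the classic sequence: one opener, one responder.
            if (len(bare_syn) == 1 and src in bare_syn
                    and synack_ok == {dst} and ack == isn[dst] + 1):
                return "three-way"
        # Both sides sent a bare SYN and both answered with a valid SYN|ACK.
        if len(bare_syn) == 2 and len(synack_ok) == 2:
            return "simultaneous-open"
    return "incomplete"

# Constructed sample segments (ISNs 100 and 300 chosen arbitrarily).
THREE_WAY = [
    ("C", "S", "S", 100, 0),
    ("S", "C", "SA", 300, 101),
    ("C", "S", "A", 101, 301),
]
SIMULTANEOUS = [
    ("C", "S", "S", 100, 0),      # .. 1
    ("S", "C", "S", 300, 0),      # .. 2, crosses segment 1 in flight
    ("C", "S", "SA", 100, 301),
    ("S", "C", "SA", 300, 101),
]

if __name__ == "__main__":
    print(classify_handshake(THREE_WAY))
    print(classify_handshake(SIMULTANEOUS))
```
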