Date:      Mon, 27 Apr 2015 15:49:11 -0400
From:      Lowell Gilbert <freebsd-security-local@be-well.ilk.org>
To:        "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Logging TCP anomalies
Message-ID:  <44a8xte4i0.fsf@lowell-desk.lan>
In-Reply-To: <43372.1430159842@server1.tristatelogic.com> (Ronald F. Guilmette's message of "Mon, 27 Apr 2015 11:37:22 -0700")
References:  <43372.1430159842@server1.tristatelogic.com>

"Ronald F. Guilmette" <rfg@tristatelogic.com> writes:

> I am prompted to ask here whether or not FreeBSD performs any sort of
> logging of instances when "duplicate TCP packets but with different
> payloads" occurs, and/or whether FreeBSD provides any options which,
> for example, might automagically trigger a close of the relevant TCP
> connection when and if such an event is detected.  (Connection close
> seems to me to be one possible mitigation strategy, even if it might
> be viewed as rather ham-fisted by some.)

As far as I can see, no. This would be a non-trivial application of
resources, so I wouldn't expect to see it be a standard part of the TCP
stack. Such a check would be better implemented as an optional
application of an API like BPF.
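
An added example, not part of the original message and not FreeBSD code: one way a passive monitor could perform the check discussed above on segments it has already captured (for instance through BPF). The segment tuple layout, the function names and the `history` bound are assumptions made for illustration.

```python
from collections import defaultdict, deque

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

def overlap(seq_a, data_a, seq_b, data_b):
    """Return (seq, bytes_a, bytes_b) for the range both segments cover, else None."""
    d = (seq_b - seq_a) % MOD              # distance from a's start to b's start
    if d < len(data_a):                    # b starts inside a
        n = min(len(data_a) - d, len(data_b))
        return seq_b, data_a[d:d + n], data_b[:n]
    d = (seq_a - seq_b) % MOD              # otherwise check whether a starts inside b
    if d < len(data_b):
        n = min(len(data_b) - d, len(data_a))
        return seq_a, data_a[:n], data_b[d:d + n]
    return None

def find_conflicts(segments, history=64):
    """Report overlapping data whose bytes differ from an earlier copy.
    segments: iterable of (flow, seq, payload); flow is a one-direction 4-tuple.
    history bounds per-flow memory (assumed value; a real monitor would size it
    to the receive window and drop data once it is acknowledged)."""
    seen = defaultdict(lambda: deque(maxlen=history))
    alerts = []
    for flow, seq, payload in segments:
        if not payload:                    # pure ACKs carry nothing to compare
            continue
        for old_seq, old_payload in seen[flow]:
            hit = overlap(old_seq, old_payload, seq, payload)
            if hit and hit[1] != hit[2]:
                alerts.append({"flow": flow, "seq": hit[0],
                               "first": hit[1], "later": hit[2]})
        seen[flow].append((seq, payload))
    return alerts

# Constructed sample input (documentation addresses, not captured traffic).
A = ("192.0.2.10", 40000, "198.51.100.5", 80)
B = ("192.0.2.11", 40001, "198.51.100.5", 80)
SAMPLE = [
    (A, 1000, b"GET /index.html "),
    (A, 1016, b"HTTP/1.1\r\n"),
    (A, 1000, b"GET /index.html "),        # identical retransmission: benign
    (A, 1016, b"HTTP/1.0\r\n"),            # same sequence range, different bytes
    (B, 0xFFFFFFFC, b"ABCDEFGH"),          # spans the sequence-number wrap
    (B, 0x00000000, b"EFZH"),              # overlaps the tail with one changed byte
]

if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE):
        print(alert)
```

The per-flow payload history is the resource cost the reply refers to: every data-carrying segment has to be retained and compared until it ages out.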
