Date: Mon, 27 Apr 2015 11:37:22 -0700
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
To: freebsd-security@freebsd.org
Subject: Logging TCP anomalies
Message-ID: <43372.1430159842@server1.tristatelogic.com>
I just now read the following TheRegister news article about detection of "Quantum Insert" funny business:

http://www.theregister.co.uk/2015/04/23/detecting_nsa_style_hacking_tool_unsheathed/

I am prompted to ask here whether or not FreeBSD performs any sort of logging of instances when "duplicate TCP packets but with different payloads" occur, and/or whether FreeBSD provides any options which, for example, might automagically trigger a close of the relevant TCP connection when and if such an event is detected.

(Connection close seems to me to be one possible mitigation strategy, even if it might be viewed as rather ham-fisted by some.)
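The check the message asks about, as an added example that is not part of the original e-mail and is not FreeBSD code: a userland sketch that remembers the first byte seen at each TCP sequence number per flow and flags any later segment whose overlapping bytes differ. The names `Segment`, `Anomaly` and `find_conflicting_segments` are hypothetical, the segments are constructed sample data, and it generalizes slightly beyond exact duplicates to partially overlapping retransmits.

```python
from collections import defaultdict
from typing import NamedTuple


class Segment(NamedTuple):
    flow: tuple      # (src_ip, src_port, dst_ip, dst_port), one direction only
    seq: int         # sequence number of the first payload byte
    payload: bytes


class Anomaly(NamedTuple):
    flow: tuple
    seq: int            # first sequence number where the copies disagree
    first_seen: bytes   # differing bytes from the copy that arrived first
    later: bytes        # differing bytes from the conflicting copy


def find_conflicting_segments(segments):
    """Return one Anomaly per segment that rewrites bytes already seen."""
    seen = defaultdict(dict)   # flow -> {sequence number: byte value}
    anomalies = []
    for seg in segments:
        stream = seen[seg.flow]
        old, new, start = bytearray(), bytearray(), None
        for offset, byte in enumerate(seg.payload):
            pos = (seg.seq + offset) & 0xFFFFFFFF   # sequence space wraps at 2**32
            prior = stream.setdefault(pos, byte)    # the first copy wins
            if prior != byte:
                if start is None:
                    start = pos
                old.append(prior)
                new.append(byte)
        if start is not None:
            anomalies.append(Anomaly(seg.flow, start, bytes(old), bytes(new)))
    return anomalies


# Constructed sample traffic (documentation addresses), not a real capture.
FLOW = ("192.0.2.10", 80, "198.51.100.7", 49152)
SAMPLE = [
    Segment(FLOW, 1000, b"HTTP/1.1 200 OK\r\n"),
    Segment(FLOW, 1000, b"HTTP/1.1 200 OK\r\n"),    # benign retransmit
    Segment(FLOW, 1017, b"Content-Length: 5\r\n"),
    Segment(FLOW, 1000, b"HTTP/1.1 302 Found"),     # same seq, different payload
]

if __name__ == "__main__":
    for hit in find_conflicting_segments(SAMPLE):
        print(f"{hit.flow} seq={hit.seq}: {hit.first_seen!r} -> {hit.later!r}")
```

A caller would log each `Anomaly` or, for the mitigation raised in the message, close the affected connection; the per-byte map is unbounded here and would need pruning as data is acknowledged.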