I just now read the following TheRegister news article about detection of "Quantum Insert" funny business:
http://www.theregister.co.uk/2015/04/23/detecting_nsa_style_hacking_tool_unsheathed/ I am prompted to ask here whether or not FreeBSD performs any sort of logging of instances when "duplicate TCP packets but with different payloads" occurs, and/or whether FreeBSD provides any options which, for example, might automagically trigger a close of the relevant TCP connection when and if such an event is detected. (Connection close seems to me to be one possible mitigation strategy, even if it might be viewed as rather ham-fisted by some.) _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
