"Ronald F. Guilmette" <[email protected]> writes: > I am prompted to ask here whether or not FreeBSD performs any sort of > logging of instances when "duplicate TCP packets but with different > payloads" occurs, and/or whether FreeBSD provides any options which, > for example, might automagically trigger a close of the relevant TCP > connection when and if such an event is detected. (Connection close > seems to me to be one possible mitigation strategy, even if it might > be viewed as rather ham-fisted by some.)
As far as I can see, no. This would be a non-trivial application of resources, so I wouldn't expect to see it be a standard part of the TCP stack. Such a check would be better implemented as an optional application of an API like BPF. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
