Re: Logging TCP anomalies

2015-04-28 Thread Lowell Gilbert
"Ronald F. Guilmette" writes: > In message <44a8xte4i0@lowell-desk.lan>, > Lowell Gilbert wrote: > >>"Ronald F. Guilmette" writes: >> >>> I am prompted to ask here whether or not FreeBSD performs any sort of >>> logging of instances when "duplicate TCP packets but with different >>> payloa

Re: Logging TCP anomalies

2015-04-28 Thread Kurt Buff
Snort (and brethren) at the perimeter seem like a reasonable approach. http://seclists.org/snort/2015/q2/114 But, more likely to succeed will be SSL everywhere, and certificate pinning, since this is primarily a web-based attack: http://www.wired.com/2015/04/researchers-uncover-method-detect-nsa-q

Re: Logging TCP anomalies

2015-04-28 Thread Nerijus Krukauskas
On Tue, April 28, 2015 01:12, Ronald F. Guilmette wrote:
>
> In message ,
> Charles Swiger wrote:
>
>> On Apr 27, 2015, at 11:37 AM, Ronald F. Guilmette wrote:
> ...
>>> and/or whether FreeBSD provides any options which,
>>> for example, might automagically trigger a close of the relevant T

Re: Logging TCP anomalies

2015-04-28 Thread Slawa Olhovchenkov
On Mon, Apr 27, 2015 at 03:12:43PM -0700, Ronald F. Guilmette wrote:
>
> In message ,
> Charles Swiger wrote:
>
> >On Apr 27, 2015, at 11:37 AM, Ronald F. Guilmette wrote:
> ...
> >> and/or whether FreeBSD provides any options which,
> >> for example, might automagically trigger a clo

Re: Logging TCP anomalies

2015-04-27 Thread Ronald F. Guilmette
In message ,
Charles Swiger wrote:
>On Apr 27, 2015, at 3:12 PM, Ronald F. Guilmette wrote:
>> As I understand it, (verbatim) duplicate packets can sometimes arrive at
>> an endpoint due simply to network anomalies. However as I understand it,
>> those will typically have identical lengths a

Re: Logging TCP anomalies

2015-04-27 Thread Charles Swiger
On Apr 27, 2015, at 3:12 PM, Ronald F. Guilmette wrote:
> In message ,
> Charles Swiger wrote:
>> On Apr 27, 2015, at 11:37 AM, Ronald F. Guilmette wrote:
>>> ...
>>> and/or whether FreeBSD provides any options which,
>>> for example, might automagically trigger a close of the relevant TCP

Re: Logging TCP anomalies

2015-04-27 Thread Ronald F. Guilmette
In message ,
Charles Swiger wrote:
>On Apr 27, 2015, at 11:37 AM, Ronald F. Guilmette wrote:
...
>> and/or whether FreeBSD provides any options which,
>> for example, might automagically trigger a close of the relevant TCP
>> connection when and if such an event is detected. (Connection clo

Re: Logging TCP anomalies

2015-04-27 Thread Ronald F. Guilmette
In message <44a8xte4i0@lowell-desk.lan>,
Lowell Gilbert wrote:
>"Ronald F. Guilmette" writes:
>
>> I am prompted to ask here whether or not FreeBSD performs any sort of
>> logging of instances when "duplicate TCP packets but with different
>> payloads" occurs, and/or whether FreeBSD provid

Re: Logging TCP anomalies

2015-04-27 Thread Charles Swiger
On Apr 27, 2015, at 11:37 AM, Ronald F. Guilmette wrote:
> I am prompted to ask here whether or not FreeBSD performs any sort of
> logging of instances when "duplicate TCP packets but with different
> payloads" occurs,

Not normally. Such things can be visible in netstat -s output as "completely

Re: Logging TCP anomalies

2015-04-27 Thread Lowell Gilbert
"Ronald F. Guilmette" writes: > I am prompted to ask here whether or not FreeBSD performs any sort of > logging of instances when "duplicate TCP packets but with different > payloads" occurs, and/or whether FreeBSD provides any options which, > for example, might automagically trigger a close of

Logging TCP anomalies

2015-04-27 Thread Ronald F. Guilmette
I just now read the following TheRegister news article about detection of "Quantum Insert" funny business:

http://www.theregister.co.uk/2015/04/23/detecting_nsa_style_hacking_tool_unsheathed/

I am prompted to ask here whether or not FreeBSD performs any sort of logging of instances when "duplica