1 31337KEY TO UNDERSTANDING

Intrusion Detection Patterns

Nội dung
Đáp án tham khảo

12/03/97 02:21:53 192.168.1.1 31337 -> 192.168.1.1 31337

Key to understanding:

A variety of IP stacks were unable to process packets from

themselves to themselves with the same source and

destination ports. Remember, TCP replies to the source port.

IDIC - SANS GIAC LevelTwo

³⁴

This denial of service, like so many others, depends on the fact that many assumptions were made by the implementers of TCP/IP protocol stacks. If these stacks see themselves talking to themselves with the same source and destination port, they freeze up and die. Very often the operating system, if vulnerable, has to be powered off and restarted.Here is another one detected by Terry Henderson with his analysis: