Signature Detail

Short Name	TCP:C2S:AMBIG:OLAP-MISMATCH
Severity	Critical
Recommended	No
Recommended Action	Drop Packet
Category	TCP
Release Date	2003/08/27
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

TCP: C2S Ambiguity Mismatching Overlapping Data

This protocol anomaly triggers when it detects a TCP segment retransmission from the client to server in which the retransmitted data differs from the original data. This is a common IDS evasion attack; do not allow these packets to pass IDP.

Extended Description

The impact depends on how the implementation handles this kind of anomalous packet.

References

URL: http://www.faqs.org/rfcs/rfc813.html
URL: http://www.opalsoft.net/qos/TCP-1010.htm

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Release Date

Update Number

Supported Platforms

TCP: C2S Ambiguity Mismatching Overlapping Data

Extended Description

References