Signature Detail

Short Name	TCP:S2C:AMBIG:OLAP-MISMATCH
Severity	Critical
Recommended	Yes
Recommended Action	Drop Packet
Category	TCP
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

TCP: S2C Ambiguity Mismatching Overlapping Data

This protocol anomaly triggers when it detects a TCP segment retransmission from the server to client in which the retransmitted data differs from the original data. Because this is an extremely common IDS evasion attack, it is recommended to drop these packets.

Extended Description

Such a anomalous situation could indicate a TCP configuration or implementation error. It also could indicate that an attack against a TCP implementation is underway.

References

URL: http://www.tcpipguide.com/TCPIPGuide_1-0_s5.pdf
URL: http://www.networksorcery.com/enp/protocol/tcp.htm
URL: http://condor.depaul.edu/~jkristof/technotes/tcp.html

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Release Date

Update Number

Supported Platforms

TCP: S2C Ambiguity Mismatching Overlapping Data

Extended Description

References