[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-ietf-opsec-current-practices-01.txt

To: "Merike Kaeo" <merike@doubleshotsecurity.com>
Subject: draft-ietf-opsec-current-practices-01.txt
From: "Vishwas Manral" <Vishwas@sinett.com>
Date: Wed, 26 Oct 2005 06:45:57 -0700
Cc: "Opsec" <opsec@ops.ietf.org>

Hi Merike,

Going through the document draft-ietf-opsec-current-practices-01.txt, I
figured that we have totally left out things like 'fingerprinting'(is
that not aimed as part of this document).

* TCP Xmas flags. All TCP header option flags are set on same datagram.
This is often used to traverse packet filters and to scan hosts to
detect open ports.
* TCP zero flags (Null scan). This is often used to scan for open ports.
etc

In appendix B you could add: -

* Overlapping fragments
* Tiny Fragments
* TCP timestamp attack
* ICMP Path MTU spoofing attacks - frag-req
* oversized ICMP packets (Ping of death) (the name is not put there)
* What about insertion/evasion attacks where we bypass the IDS systems,
even when they are present.
* Application level attacks (worms)

Thanks,
Vishwas

Prev by Date: RE: draft-zhao-opsec-routing-capabilities-00
Next by Date: bounces
Previous by thread: draft-zhao-opsec-routing-capabilities-00
Next by thread: RE: draft-ietf-opsec-current-practices-01.txt
Index(es):
- Date
- Thread