[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
draft-ietf-opsec-current-practices-01.txt
Hi Merike,
Going through the document draft-ietf-opsec-current-practices-01.txt, I
figured that we have totally left out things like 'fingerprinting'(is
that not aimed as part of this document).
* TCP Xmas flags. All TCP header option flags are set on same datagram.
This is often used to traverse packet filters and to scan hosts to
detect open ports.
* TCP zero flags (Null scan). This is often used to scan for open ports.
etc
In appendix B you could add: -
* Overlapping fragments
* Tiny Fragments
* TCP timestamp attack
* ICMP Path MTU spoofing attacks - frag-req
* oversized ICMP packets (Ping of death) (the name is not put there)
* What about insertion/evasion attacks where we bypass the IDS systems,
even when they are present.
* Application level attacks (worms)
Thanks,
Vishwas