--On Friday, October 18, 2002 21:45:01 +1000 Darryl Luff <darrylat_private> wrote:

[...]

> I imagine that the easiest way would be to pick an unknown IP or TCP
> option number and insert your own options field into the IP or TCP
> header. This keeps your data separate from the TCP connection data. I
> think that an option field can be up to 253 bytes of data?
>
> Do any IDS systems trigger on unrecognised option fields?
>
>
> Darryl Luff

In TCP and IP headers, the options length is limited to 40 bytes as the
header length field is 4 bits in length. Many NIDS make a respectable
attempt at normalizing and parsing options data contextually.

-Jeff

--
http://jeff.wwti.com (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen."
- Albert Einstein
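The 40-byte ceiling from the reply above, together with a sensor-side check for the unrecognised option kinds asked about in the quoted question, as an added example that is not part of the original message. The names `audit_tcp_options`, `build_header` and the `KNOWN_KINDS` allowlist are assumptions made for illustration, and the sample headers are constructed.

```python
import struct

# Allowlist of TCP option kinds this sensor expects (an assumption for the
# example; tune it to the traffic actually seen on your network).
KNOWN_KINDS = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WScale",
               4: "SACK-Permitted", 5: "SACK", 8: "Timestamps"}
MAX_OPTIONS = 15 * 4 - 20  # 4-bit data offset counts 32-bit words; 20 is fixed

def audit_tcp_options(tcp_header: bytes):
    """Return (options_length, findings) for one raw TCP header."""
    if len(tcp_header) < 20:
        return 0, ["truncated fixed header"]
    data_offset = tcp_header[12] >> 4          # upper nibble of byte 12
    if data_offset < 5:
        return 0, [f"invalid data offset {data_offset}"]
    opt_len = data_offset * 4 - 20
    opts = tcp_header[20:20 + opt_len]
    findings = []
    if len(opts) < opt_len:
        findings.append("options truncated")
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # End of Option List
            if any(opts[i + 1:]):
                findings.append("non-zero bytes after EOL")
            break
        if kind == 1:                          # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            findings.append(f"kind {kind}: missing length byte")
            break
        length = opts[i + 1]                   # covers kind + length + data
        if length < 2 or i + length > len(opts):
            findings.append(f"kind {kind}: bad length {length}")
            break
        if kind not in KNOWN_KINDS:
            findings.append(f"unrecognised kind {kind} carrying {length - 2} bytes")
        i += length
    return opt_len, findings

def build_header(options: bytes) -> bytes:
    """Constructed sample: SYN header with the given options, padded to 32 bits."""
    options += b"\x00" * (-len(options) % 4)
    if len(options) > MAX_OPTIONS:
        raise ValueError("options exceed 40 bytes")
    doff = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, doff << 4, 0x02,
                       65535, 0, 0) + options
```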
This archive was generated by hypermail 2b30 : Sat Oct 19 2002 - 09:29:49 PDT