2000311

	TCP post connection SYN
advICE :Intrusions : 2000311

FAQ

Oh my gosh, I'm being HACKED!!!

How do I report the hacker to my ISP?

I'm seeing lots of attacks, is this normal?

Summary
Attacker is trying to avoid detection by sending a SYN frame with a different sequence number than the original SYN.
Details
This attack may cause an IDS (Intrusion Detection System) to desynchronize with the original connection. The attacker may then continue without being detected.

more information

Phrack: pck:p54-10 Phrack magazine article on intrusion detection avoidance

parametric information

initial_seq The original SYN sequence number .

this_seq The new SYN sequence number.

 
Version appeared: 1.8.6

TCP post connection SYN