Preface: TCP FIN or RST seq out-of-rangeLogo -Internet Security Systems

TCP FIN or RST seq out-of-range
advICE :Intrusions : 2000312
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

This may indicate an unsuccessful attempt to hijack a TCP connection. A TCP sequence number is out of the expected range in a FIN or RST packet.

Details

A hacker will send this frame to cause an intrusion detection system (IDS) to become unsynchronized with the data in a connection. Subsequent frames sent in that connection may then be ignored by the IDS.

 more information
CERT: CA-95.01.IP.spoofing.attacks.and.hijacked.terminal.connections  
 
Phrack: pck:p54-10   Phrack magazine article on intrusion detection avoidance
 

 parametric information
dstportThe destination port of the TCP frame.
srcportThe source port of the TCP frame.
seqThe sequence number seen.
expectedThe expected sequence number.

 
Version appeared: 1.8.6
Privacy Policy |  Copyright Info