ECN and its impact on Intrusion Detection
Source: SANS / Toby Miller - Posted by Ryan W. Maple   
Recently, there has been some discussion on various mailing lists about the Explicit Congestion Notification (ECN) proposed standard and QUESO/nmap scan detection. The debate has centered on the two reserved bits in the TCP header (bits 8 & 9) that QUESO sets in a SYN packet, and on those same two bits being used by ECN.

What is ECN?

ECN is a standard proposed by the IETF that will cut down on network congestion and routers dropping packets. Currently, RFC 2481 states that in order to accomplish this task ECN will use four previously unused bits in both the IP header and the TCP header.
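The overlap described above, as an added example that is not part of the original article: a signature that alerts on any initial SYN with TCP header bits 8 and 9 set cannot tell an ECN negotiation from a QUESO-style probe. The function names and the sample headers are constructed for illustration; the masks follow the standard TCP header layout, where those two bits are now named CWR and ECE.

```python
import struct

# Bits 8 and 9 of the 16-bit offset/reserved/flags word (bit 0 = most
# significant) are the two low-order former reserved bits.
CWR, ECE = 0x80, 0x40          # bit 8, bit 9
SYN, ACK = 0x02, 0x10
PAIR = CWR | ECE


def build_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed 20-byte TCP header (no options) used as sample input."""
    return struct.pack("!HHIIHHHH", sport, dport, 1, 0,
                       (5 << 12) | flags, 1024, 0, 0)


def tcp_flags(segment: bytes) -> int:
    """Return the flag byte, including the two former reserved bits."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (offset_flags,) = struct.unpack_from("!H", segment, 12)
    if (offset_flags >> 12) < 5:
        raise ValueError("invalid data offset")
    return offset_flags & 0xFF


def legacy_rule(segment: bytes) -> bool:
    """Hypothetical old-style signature: initial SYN with both bits set."""
    f = tcp_flags(segment)
    return (f & (SYN | ACK)) == SYN and (f & PAIR) == PAIR


def classify(segment: bytes) -> str:
    """Label what the flag byte alone can and cannot establish."""
    f = tcp_flags(segment)
    if (f & (SYN | ACK)) != SYN:
        return "not-initial-syn"
    pair = f & PAIR
    if pair == 0:
        return "plain-syn"
    if pair == PAIR:
        # An ECN-capable sender sets both bits in its SYN, so the flags
        # alone match the probe pattern; more context is needed to decide.
        return "ambiguous-ecn-or-probe"
    return "single-reserved-bit"


if __name__ == "__main__":
    for flags in (SYN, SYN | PAIR, SYN | ECE, SYN | ACK | ECE):
        pkt = build_header(flags)
        print(f"{flags:#04x} alert={legacy_rule(pkt)} -> {classify(pkt)}")
```
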

Read this full article at SANS / Toby Miller
