Recently, Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. (#CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values (all Linux versions))
We want to detect this flaw with Zeek, but it looks like there's no way to get the MSS (maximum segment size) value of the TCP option. Any ideas?
Threat Detection & Hunting
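For reference, how the MSS value is carried in the TCP options of a SYN, as an added example that is not part of the original post and is not Zeek code. The `LOW_MSS_THRESHOLD` cut-off, the helper names and the sample headers are assumptions constructed for illustration.

```python
import struct

MSS_KIND = 2             # TCP option kind for Maximum Segment Size
LOW_MSS_THRESHOLD = 500  # assumed cut-off, not from the post; tune per network

def parse_mss(tcp_header: bytes):
    """Return the MSS option value from a raw TCP header, or None if absent/malformed."""
    if len(tcp_header) < 20:
        return None
    data_offset = (tcp_header[12] >> 4) * 4      # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        return None
    opts, i = tcp_header[20:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):                   # length byte missing
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts): # malformed or truncated option
            break
        if kind == MSS_KIND and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def low_mss_syn(tcp_header: bytes, threshold: int = LOW_MSS_THRESHOLD) -> bool:
    """True when a segment with SYN set advertises an MSS below the threshold."""
    if len(tcp_header) < 20 or not tcp_header[13] & 0x02:
        return False
    mss = parse_mss(tcp_header)
    return mss is not None and mss < threshold

def build_syn(options: bytes) -> bytes:
    """Constructed sample: 20-byte TCP header with SYN set, plus zero-padded options."""
    options += b"\x00" * (-len(options) % 4)
    offset = (5 + len(options) // 4) << 4
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, offset, 0x02, 65535, 0, 0) + options

NORMAL_SYN = build_syn(b"\x02\x04\x05\xb4\x01\x03\x03\x07")  # MSS 1460, NOP, window scale
TINY_SYN = build_syn(b"\x01\x01\x02\x04\x00\x30")            # NOP, NOP, MSS 48
```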
I’m trying to create my first protocol analyzer with BinPac for the
synchrophasor protocol (IEEE Std C37.118) – from what I can tell, nobody
has made an analyzer for it yet. I'm trying to define the message format in
synchrophasor-protocol.pac. However, stuff like the format of data packets
is based on a previously sent configuration packet. How do I write
synchrophasor-protocol.pac so I can parse them based on the previously sent
packet? Here’s some documentation on the protocol if you need it:
Again, this is my first time trying to write a protocol analyzer with
BinPac, so sorry if this is obvious.