TCP: S2C Exploit Overlapping Urgent Data

This protocol anomaly triggers when overlapping urgent data is detected. While some protocols (like FTP) use the URGPTR flag in the TCP header to signal out-of-band data, it is rare to see overlapping urgent data. Such overlap can be an evasion attempt.

Extended Description

TCP datagrams containing overlapping URGENT data, or a set URGENT flag and overlapping sequence numbers, constitute a protocol anomaly. The condition could indicate that a data transmission error has occurred, or that an attack involving the injection of malformed datagrams into the network is underway.

Short Name: TCP:S2C:EXPLOIT:S2C-URG-OVERLAP
Severity: Major
Recommended: False
Recommended Action: Drop Packet
Category: TCP
Release Date: 04/22/2003
Sigpack Version: 3324
False Positive: Unknown

Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3