next up previous
Next: Reliable RSTs Up: Network Intrusion Detection: Evasion, Previous: The IP Identifier and

Examples of TCP Normalizations

We applied the same ``walk the header'' methodology as in the previous section to TCP, UDP, and ICMP. However, due to space limitations we defer the detailed analysis to [4], and in this section focus on three examples for TCP that illuminate different normalization issues: reliable RSTs, cold start for TCP, and an example of a TCP ambiguity that a normalizer cannot remove.


Vern Paxson