Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 TCP:AUDIT:C2S-CLOSED-ACK

Severity

 Info

Recommended

 No

Category

 TCP

Release Date

 2003/08/27

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+

TCP: C2S Ambiguity Ack in Closed State


This protocol anomaly triggers when it detects a TCP ACK while in the CLOSED state. This can indicate IDP has been rebooted and is receiving packets for an existing connection. However, it can also indicate an attacker is using a scanner (such as NMAP), which does not establish a valid TCP connection, to probe the network.

Extended Description

None

References

  • URL: http://www.faqs.org/rfcs/rfc793.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out