| Publisher | Cisco Systems | ||
|---|---|---|---|
| Format | 144.1KB PDF | Date added | 01 Jul 2006 |
| Topics | Firewalls, Denial of Service, Intrusion Detection Systems | ||
| Downloads | 8 | ||
Cisco IOS Stateful Packet Inspection maintains counters of the number of "Half-open" TCP connections, as well as the total connection rate through the firewall and intrusion prevention software. These half-open connections are TCP connections that have not completed the SYN - SYN/ACK - ACK handshake that is always used by TCP peers to negotiate the parameters of their mutual connection. Cisco IOS Firewall also regards User Datagram Protocol (UDP) sessions with traffic in only one direction as "Half-open", as nearly all applications that use UDP for transport will acknowledge reception of data. UDP sessions without acknowledgement are likely indicative of DoS activity, or attempts to connect between two hosts where one of the hosts has become unresponsive.
Did you find this white paper useful?
0 out of 2 users found this white paper useful
Related white papers
Stopping Crimeware and Malware: How to Close the Vulnerability Window
Computer users can no longer wait for a new vaccine every time a new security threat appears. This security gap has already cost individuals and businesses billions of dollars...
Deep Packets: Application Layer Security Threats
Attackers have progressed from scanning network ports and creating denial-of-service attacks to targeting software such as Web browsers, Web servers, e-mail programs and even database servers. Viruses can sometimes go...
Protecting the Enterprise Network: Layered Network Security Defense
Securing the network perimeter and prohibiting unauthorized access from within can prove to be a daunting challenge. Today's businesses must guarantee uninterrupted access to network resources. Products must be designed...
Gene Kim Presents "Surviving and Benefiting from an Audit" with Craig Morgan, Partner KPMG
An audit is a necessary and often painful event for many companies. As difficult as it is to imagine, it is possible to benefit from an audit. By understanding the...
Wireless worries: Unauthorized hot spots and rogue warriors
Many businesses and educational institutions have their own wireless networks-- but are often faced with policing rogue wireless hot spots brought in by employees or students. The rogue hot spots...
Top 10 Reasons Why Disk is Replacing Tape for Backup
The fact that tape – the de-facto method for protecting data – simply doesn’t work is becoming too obvious to ignore. Industry analysts have long noted that tape backups fail...
Denial of Service and Distributed Denial of Service Protection
To obtain full protection for DoS attacks, organizations typically need to purchase multiple proxy servers, network security devices, intrusion preventions systems, as well as software packages, updates, and expanded licenses...
