| Publisher | Cisco Systems | | |
|---|---|---|---|
| Format | 144.1KB PDF | Date added | 01 Jul 2006 |
| Topics | Firewalls, Denial of Service, Intrusion Detection Systems | | |
| Downloads | 8 | | |

Cisco IOS Stateful Packet Inspection maintains counters of the number of "half-open" TCP connections, as well as the total connection rate through the firewall and intrusion prevention software. These half-open connections are TCP connections that have not completed the SYN, SYN/ACK, ACK handshake that is always used by TCP peers to negotiate the parameters of their mutual connection. Cisco IOS Firewall also regards User Datagram Protocol (UDP) sessions with traffic in only one direction as "half-open", as nearly all applications that use UDP for transport will acknowledge reception of data. UDP sessions without acknowledgement are likely indicative of DoS activity, or of attempts to connect between two hosts where one of the hosts has become unresponsive.

Related white papers
Enabling business growth with expert security solutions. Protecting your systems and your data
Hackers, viruses, worms, spam, spyware and inside attacks can stop organisations growing. This white paper deals with these vulnerabilities and how to achieve cost-effective solutions.
Understanding Web application security challenges
Business has grown increasingly dependent upon web applications and they are becoming more difficult to secure. This paper explains what you can do to protect your organization and improve Web...
Why Your Standard IPS Leaves You Open to DDoS Attacks
Of late, Distributed Denial of Service (DDoS) attacks are specifically designed to leverage the weaknesses of a standard Intrusion Prevention System (IPS), which is not able to defend against a...
Pushing Security to the Perimeter: Trusted Computing Technology Adapts to Changing Enterprise Needs
Security concerns, identity theft and regulatory compliance requirements are converging to drive the enterprise's need for strong identity and access management (IAM) solutions. These solutions can include enterprise single sign-on...
The dirty dozen: preventing common application-level hack attacks
As organizations have grown increasingly dependent on online software, the risk of malicious attacks has also become far more serious. Such attacks can bring a business to a standstill, cost...
DDoS Defense Mechanism by Applying Stamps
In the current trend, the internet plays a vital role in life, and the distributed computing structure grows dramatically in size, functionality and complexity and has become an integral part of the...
Using NetFlow Auditor to Assist in Identifying Distributed Denial-of-Service (DDoS) Attacks and Other Network Behavior Anomalies
This paper covers how Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks can be identified early to mitigate an attack. The paper will reflect a method...



