| Publisher | Cisco Systems | ||
|---|---|---|---|
| Format | 144.1KB PDF | Date added | 01 Jul 2006 |
| Topics | Firewalls, Denial of Service, Intrusion Detection Systems | ||
| Downloads | 8 | ||
Cisco IOS Stateful Packet Inspection maintains counters of the number of "Half-open" TCP connections, as well as the total connection rate through the firewall and intrusion prevention software. These half-open connections are TCP connections that have not completed the SYN - SYN/ACK - ACK handshake that is always used by TCP peers to negotiate the parameters of their mutual connection. Cisco IOS Firewall also regards User Datagram Protocol (UDP) sessions with traffic in only one direction as "Half-open", as nearly all applications that use UDP for transport will acknowledge reception of data. UDP sessions without acknowledgement are likely indicative of DoS activity, or attempts to connect between two hosts where one of the hosts has become unresponsive.
Did you find this white paper useful?
0 out of 2 users found this white paper useful
Related white papers
Enabling business growth with expert security solutions. Protecting your systems and your data
Hackers, viruses, worms, spams, spy ware and inside attacks can stop organisations growing. This white paper deals with these vunerabilities and how to achieve cost effective soultions.
Understanding Web application security challenges
Business has grown increasingly independent upon web applications and they are becoming more difficult to secure. This paper explains what you can do to protect your organization and improve Web...
Telecom Italia Sparkle and Cisco Systems Join Forces to Build S@FE
Telecom Italia Sparkle (TI Sparkle), a wholly owned subsidiary of Telecom Italia SpA, was established in 2003 with the objective of developing and consolidating the Italian Group's international wholesale and...
Laying the IT Security Foundation - Corralling Conficker and Other Threats in an Evolved Environment
The traditional security approach addresses each individual attack as it crops up through a detect and blocking schema. However in today's ever-changing IT environment, sophisticated threats such as Conficker worm...
NaviSite Managed Messaging: Who Will Manage Your Enterprise Messaging?
This paper explores messaging trends, including growth in email volume and mailbox size, and pressure to reduce costs in light of increasing technological complexity and availability requirements. The paper...
A Link Signature Based DDoS Attacker Tracing Algorithm Under IPv6
The ipv6 security architecture, IPSec, plays a positive role in the protection of IPv6 networks. To some special attacks, especially DDoS attacks, IPSec appears relatively weak, because IPSec can only...
Dynamic and Auto Responsive Solution for Distributed Denial-of-Service Attacks Detection in ISP Network
Denial of Service (DoS) attacks and more particularly the distributed ones (DDoS) are one of the latest threat and pose a grave danger to users, organizations and infrastructures of the...
