The SYN/RST-Only Packet Sources sensor looks for hosts that send out an unusually large number of SYN-RST packets. This behavior may indicate a SYN or RST flood.
Troubleshooting a SYN/RST-Only Packet Sources Alert
An alert from the SYN/RST-Only Packet Sources sensor may indicate that someone is attempting to hack into the network. Specifically, SYN-RST packets are associated with attempts to bypass a firewall perimeter.
SYN/RST-only packet flows signal a connection establishment request that is immediately followed by a reset request, which is not characteristic of normal TCP behavior. This behavior typically indicates scanning activity, which may include OS fingerprinting.
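The kind of check described above can be sketched over flow records. This is an added example, not the product's own logic: it assumes each record carries the cumulative TCP flags seen in the flow (as NetFlow-style exports do), and the function names, thresholds and sample records are hypothetical.

```python
from collections import defaultdict

# TCP flag bits as carried in the TCP header and in cumulative flow flags.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Hypothetical tuning values, not taken from the product.
MIN_FLOWS = 5    # SYN/RST-only flows a source must reach before it is reported
MIN_RATIO = 0.8  # share of the source's TCP flows that must be SYN/RST-only

def is_syn_rst_only(tcp_flags):
    """True when the flow carried SYN and/or RST and no other TCP flag."""
    return tcp_flags != 0 and (tcp_flags & ~(SYN | RST)) == 0

def syn_rst_only_sources(flows, min_flows=MIN_FLOWS, min_ratio=MIN_RATIO):
    """flows: iterable of (src_ip, dst_ip, dst_port, cumulative_tcp_flags)."""
    total = defaultdict(int)
    suspect = defaultdict(int)
    targets = defaultdict(set)
    for src, dst, dport, flags in flows:
        total[src] += 1
        if is_syn_rst_only(flags):
            suspect[src] += 1
            targets[src].add((dst, dport))
    findings = []
    for src, n in suspect.items():
        ratio = n / total[src]
        if n >= min_flows and ratio >= min_ratio:
            findings.append({
                "src": src,
                "syn_rst_only_flows": n,
                "ratio": round(ratio, 2),
                # Many distinct targets is consistent with scanning,
                # a single target with a flood against one service.
                "distinct_targets": len(targets[src]),
            })
    return sorted(findings, key=lambda f: f["syn_rst_only_flows"], reverse=True)

# Constructed sample flow records (documentation address ranges).
SAMPLE_FLOWS = (
    [("192.0.2.10", "198.51.100.5", p, SYN) for p in (22, 23, 80, 443, 3389, 8080)]
    + [("192.0.2.10", "198.51.100.5", 25, SYN | RST)]
    + [("192.0.2.20", "198.51.100.7", 443, SYN | ACK | PSH | FIN)] * 6
    + [("192.0.2.20", "198.51.100.7", 8443, SYN)]
    + [("192.0.2.30", "198.51.100.9", 80, SYN)] * 2
)

if __name__ == "__main__":
    for finding in syn_rst_only_sources(SAMPLE_FLOWS):
        print(finding)
```

The ratio test keeps a busy host with one failed connection among many completed ones from being reported alongside a source whose flows never progress past SYN or RST.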
Copyright © 2015 CA Technologies. All rights reserved.