Guest

Cisco Security

Cisco Security

TCP SACK Data Option

 
Signature ID: 1306/2
Original Release:S149
Release:S675 (download)
Original Release Date:2005 March 04
Latest Release Date:2012 October 23
Default Enabled:False
Default Retired:False
Alarm Severity:Informational
Fidelity:100 

Description

This signature fires when a TCP selective ACK data option is seen. All 1306 Sigs will fire an alert in inline mode and will not function in promiscuous mode.

Recommended Filter

None recommended.

Benign Triggers

All of these options can and do occur in normal network traffic. This set of signatures allows the user to enforce policy related to these options. In addition if any problems with option parsing is found on end hosts in the future, the user can use these signature

IntelliShield Alerts

IntelliShield ID Headline VersionCVSS ScoreLast Published
1160TCP Segment Manipulation22008 October 28 14:03 GMT
19686Juniper JUNOS TCP Option Remote Denial of Service Vulnerability37.8/6.12010 January 11 16:13 GMT

Download

To download this and other IPS update files, please go to Cisco Secure Software Download.

LEGAL DISCLAIMER
THE INFORMATION ON THIS PAGE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION CONTAINED HEREIN, OR MATERIALS LINKED FROM THE DOCUMENT, IS AT YOUR OWN RISK. INFORMATION IN THIS DOCUMENT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
Powered by  IntelliShield