Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

false negative for syn ack scan

Our sensors are false negative on all syn ack scans that are received. Is there a signature current on the ids that will capture the following?

1 2006-11-14 14:27:04.287620 202.103.178.165 my.net.163.77 TCP http > 21129 [SYN, ACK] Seq=0 Ack=0 Win=0 Len=0 MSS=0

cut

10 2006-11-14 14:27:06.868677 202.103.178.165 my.net.251.125 TCP http > 606 [SYN, ACK] Seq=0 Ack=0 Win=0 Len=0 MSS=0

1 REPLY
Community Member
222
Views
0
Helpful
1
Replies
CreatePlease to create content