Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
981
Views
0
Helpful
1
Replies

Atomic TCP Signatures

khanj
Level 1
Level 1

‎01-02-2005 10:09 PM - edited ‎03-10-2019 01:13 AM

Can we use an atomic.tcp signature to trigger any event that causes a SYN packet sent to a host? And will it fire if for example we establish a telnet session to the host? (I assure telnet first establishes a TCP session and a SYN should go out at some point).

Labels:
0 Helpful
1 Reply 1

micballa
Level 1
Level 1

‎01-04-2005 07:02 AM

If you want a signature that fires on any SYN packet being sent to a certain host, you can use the atomic.tcp engine. You will need to write a signature for any packet with the SYN flag set and then use filters to filter out the alarms for the host you are concerned with. If this is not what you are looking for, can you please clarify what you are trying to trigger on.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card