cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
639
Views
0
Helpful
2
Replies

TCP reset packet

Perbo
Level 1
Level 1

Quite often Hackers would send tcp reset packets

is there an Signature for that ??????

cheers

per

2 Replies 2

wsulym
Cisco Employee
Cisco Employee

Sounds like you are looking for a signature that fires when something like nmap is trying to fingerprint an OS - sig 3046 would fire on a figerprinting attempt. Would need addt'l detail as to exactly what is going on if you want to narrow down a particular type of attack

'

mlhall
Cisco Employee
Cisco Employee

There are several different times when an attacker might send RST packets. What are you looking for?

CSIDS does have signatures that use RST as part of the signature, but we don't alarm on every RST. They do have a valid use as well.