TMS zl Management and Configuration Guide ST.1.0.090213
Intrusion Detection and Prevention
Threat Detection and Prevention
Figure 6-5. TCP SYN Attack, Open Port
If the port is open, the host returns an acknowledgement (ACK) packet.
The TCP SYN scan is detected both when the module receives only SYN
packets and when the full TCP handshake (SYN, SYN/ACK, ACK) is performed.
When the module detects 1000 or more SYN packets in one second,
it registers an attack.
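The threshold rule above, sketched as an added example that is not the TMS zl Module's own code: it counts initial SYN packets in a one-second window and registers an attack at 1000 or more, whether or not each handshake completes. The sliding window, the single global counter, and all names are assumptions, and the packets are constructed.

```python
from collections import deque

SYN, ACK = 0x02, 0x10      # TCP flag bits
THRESHOLD = 1000           # SYN packets, from the guide
WINDOW_US = 1_000_000      # one second, in microseconds

class SynRateDetector:
    """Sliding-window SYN counter (assumed design; counts all traffic globally)."""

    def __init__(self, threshold=THRESHOLD, window_us=WINDOW_US):
        self.threshold, self.window_us = threshold, window_us
        self.syn_times = deque()
        self.alerting = False

    def observe(self, ts_us, flags):
        """Feed one TCP packet; return True only when it starts a new alert."""
        # Count initial SYNs only (SYN set, ACK clear). The SYN/ACK and ACK of a
        # completed handshake are ignored, so full-connect and half-open scans
        # contribute the same number of SYNs.
        if not flags & SYN or flags & ACK:
            return False
        self.syn_times.append(ts_us)
        while ts_us - self.syn_times[0] >= self.window_us:
            self.syn_times.popleft()
        over = len(self.syn_times) >= self.threshold
        fired = over and not self.alerting
        self.alerting = over
        return fired

def alerts(packets):
    """Return the timestamps at which an attack is registered."""
    det = SynRateDetector()
    return [ts for ts, flags in packets if det.observe(ts, flags)]

# Constructed sample traffic: one probe per port, step_us apart.
def half_open(n, step_us):
    return [(i * step_us, SYN) for i in range(n)]

def full_connect(n, step_us):
    pkts = []
    for i in range(n):
        t = i * step_us
        pkts += [(t, SYN), (t + 100, SYN | ACK), (t + 200, ACK)]
    return pkts

if __name__ == "__main__":
    print(alerts(half_open(1000, 900)), alerts(full_connect(1000, 900)))
```

Probes spaced widely enough that fewer than 1000 SYNs fall in any one-second window produce no alert under this rule.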
TCP FIN Scan
In this scan, the attacker attempts to discover which TCP ports are open on a
host by sending an unsolicited finish (FIN) packet to a particular port.
Figure 6-6. TCP FIN Scan, Closed Port
If the port is closed, the host returns a reset (RST) packet.