Ian_Harrison
New Member
January 25, 2016
Question

TCP.Split.Handshake - Should I block it?

Hi,

I am seeing a lot of IPS alerts from mobile devices on our Wi-Fi generating alerts for TCP.Split.Handshake. By default the rules on our FortiGate (v5.2.3) only detect TCP.Split.Handshake. The question is: should I change it to block?

Thanks for any help.

Regards,

Ian

1 reply

razor
Visitor III
January 25, 2016

I would like to advise you to read the following article: http://watchguardsecurity...and-does-it-affect-me/

A piece of the story:

"First, you should know that this attack cannot punch holes in your firewall, willy-nilly, without user interaction. A key mitigating factor to the attack is that a client within your network must first make a connection to a malicious server on the internet, before this attack can even start. Some of the descriptions of the attack, which claim an external attacker can trick a firewall into giving them access as a trusted IP, seem to leave this fact out. So if you were worried that external attackers can just hop through your firewall on their own, don’t be."
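
Added example, not part of the thread, the linked article, or Fortinet's signature logic: a small Python classifier for the opening packets of a flow, assuming the commonly documented split-handshake pattern in which the server answers the client's SYN with a bare SYN (optionally preceded by a bare ACK) instead of SYN/ACK. The `classify_handshake` helper, the addresses and the sample flows are constructed for illustration; the second return value reports whether the flow was initiated from inside, which is the mitigating factor quoted above.

```python
import ipaddress

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Constructed sample flows: (src, dst, tcp_flags), in capture order.
NORMAL = [
    ("10.0.0.5", "203.0.113.9", SYN),
    ("203.0.113.9", "10.0.0.5", SYN | ACK),
    ("10.0.0.5", "203.0.113.9", ACK),
]
SPLIT = [
    ("10.0.0.5", "203.0.113.9", SYN),
    ("203.0.113.9", "10.0.0.5", ACK),        # optional bare ACK
    ("203.0.113.9", "10.0.0.5", SYN),        # bare SYN instead of SYN/ACK
    ("10.0.0.5", "203.0.113.9", SYN | ACK),  # client ends up sending the SYN/ACK
    ("203.0.113.9", "10.0.0.5", ACK),
]

def classify_handshake(packets, internal_net="10.0.0.0/8"):
    """Return (verdict, initiated_from_inside) for one flow's opening packets.

    internal_net is an assumed internal range; adjust to the real network.
    """
    if not packets or (packets[0][2] & (SYN | ACK)) != SYN:
        return ("not-a-handshake", False)
    initiator = packets[0][0]
    inside = ipaddress.ip_address(initiator) in ipaddress.ip_network(internal_net)
    for src, _dst, flags in packets[1:]:
        if src == initiator or not (flags & SYN):
            continue  # skip the initiator's packets and the responder's bare ACKs
        # The responder's first SYN-bearing packet decides the verdict.
        if flags & ACK:
            return ("normal", inside)
        return ("split-handshake", inside)
    return ("incomplete", inside)
```

Both sample flows start from the internal client, so a "split-handshake" verdict here identifies which internal device contacted the external server. A legitimate TCP simultaneous open also carries bare SYNs from both sides, so flagged flows deserve a look at the destination before the action is changed.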