Basic TCP ALG
This ALG performs basic sanity checking on TCP packets. If it finds errors, it generates the following anomaly events and system log messages:
- TCP source or destination port zero
- TCP header length check failed
- TCP sequence number zero and no flags are set
- TCP sequence number zero and FIN/PSH/RST flags are set
- TCP FIN/RST or SYN(URG|FIN|RST) flags set
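The header checks listed above, written out as an added Python example (not code from the ALG itself) so the conditions can be applied to a raw TCP header; it assumes "no flags" means none of the six classic flag bits and that any one of FIN, PSH or RST together with sequence number zero triggers the second sequence-number check:

```python
import struct

# TCP flag bits in the low byte of the 16-bit data-offset/flags field
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_sanity_check(segment: bytes) -> list:
    """Return the anomaly messages from the list above that apply to one
    TCP segment (header at byte 0). An empty list means it passed."""
    anomalies = []
    if len(segment) < 20:  # not even a minimal fixed header
        return ["TCP header length check failed"]
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    hdr_len = (off_flags >> 12) * 4      # data offset is in 32-bit words
    flags = off_flags & 0x3F             # FIN..URG only (assumption)
    if sport == 0 or dport == 0:
        anomalies.append("TCP source or destination port zero")
    # data offset must cover the fixed header and fit inside the segment
    if hdr_len < 20 or hdr_len > len(segment):
        anomalies.append("TCP header length check failed")
    if seq == 0 and flags == 0:
        anomalies.append("TCP sequence number zero and no flags are set")
    if seq == 0 and flags & (FIN | PSH | RST):
        anomalies.append("TCP sequence number zero and FIN/PSH/RST flags are set")
    # FIN and RST together, or SYN combined with URG, FIN or RST
    if (flags & FIN and flags & RST) or (flags & SYN and flags & (URG | FIN | RST)):
        anomalies.append("TCP FIN/RST or SYN(URG|FIN|RST) flags set")
    return anomalies


def build_tcp_header(sport, dport, seq, flags, data_offset=5) -> bytes:
    """Constructed 20-byte TCP header (no options, checksum left zero) used
    only to exercise the checks above."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                       (data_offset << 12) | flags, 65535, 0, 0)


if __name__ == "__main__":
    print(tcp_sanity_check(build_tcp_header(40000, 443, 12345, SYN)))   # []
    print(tcp_sanity_check(build_tcp_header(40000, 443, 0, SYN | FIN)))
```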
The TCP ALG performs the following steps:
- When the router receives a SYN packet, the ALG creates TCP forward and reverse flows and groups them in a conversation. It tracks the TCP three-way handshake.
- The SYN-defense mechanism tracks the TCP connection establishment state. It expects the TCP session to be established within a small time interval (currently 4 seconds). If the TCP three-way handshake is not established in that period, the session is terminated.
- A keepalive mechanism detects TCP sessions with nonresponsive endpoints.
- ICMP errors are allowed only if there is a flow that matches the selector information specified in the ICMP data.