
CP SmartDefense Distributed Attack

Question asked by David Boyett on Jul 17, 2018
Latest reply on Jul 19, 2018 by Dameon Welch-Abernathy

I have a case where SmartDefense triggered a distributed attack alert on egress traffic.

 

Messages observed:

"Streaming Engine: TCP SYN Modified Retransmission" with "Data received before SYN-ACK was acknowledged. Stripping all packet data".

 

Can anyone shed light on what these mean and what might have caused this? I suspect a misconfigured device somewhere. I understand the literal meaning of "Data received before SYN-ACK was acknowledged. Stripping all packet data" but not the first message.

Any help is appreciated. 

 

Thank you. 
