Rule Category

--

Alert Message

Rule Explanation

The TCP packet is missing the acknowledgment flag for an established session.

What To Look For

This rule looks for TCP sessions that do not initialize a three-way handshake properly.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Command and Control

Technique: Standard Application Layer Protocol

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Rule Vulnerability

N/A

Not Applicable

CVE Additional Information