Rule Category


Alert Message

Rule Explanation

The TCP packet is missing the acknowledgment flag for an established session.

What To Look For

This rule looks for TCP sessions that do not properly perform the three-way handshake.

Known Usage

No public information

False Positives

No known false positives


Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Command and Control

Technique: Standard Application Layer Protocol

For reference, see the MITRE ATT&CK vulnerability types here:

Rule Vulnerability


Not Applicable

CVE Additional Information