Rule

--
Sid
111-18

--
Summary:
This event is generated when the stream4 preprocessor detects anomalous network traffic.

--
Impact:
Unknown. This is an indication of anomalous behaviour between networked assets.

--
Detailed Information:
This event is generated when the stream4 preprocessor detects anomalous network traffic.

In particular, the preprocessor has detected multiple acked packets which may indicate an attack or session corruption using fragroute.

--
Affected Systems:
All networked systems.

--
Attack Scenarios:


--
Ease of Attack:
Simple.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:


--
Contributors:
Sourcefire Vulnerability Research Team


--
Additional References:


--
