Intrusion Prevention

Snort.TCP.SACK.Option.DoS

Description

This signature indicates detection of a TCP protocol anomaly of which a TCP packet containing a SACK option has a unusual short length.

Affected Products

Any host running TCP services

Impact

Protocol Anomaly: This is an anomaly which may also indicate attack attempts in some cases.

Recommended Actions

This indicates detection of traffic that does not comply with the protocol standard.
Monitor the traffic from that network for any suspicious activity.