Which FirePOWER preprocessor engine is used to prevent SYN attacks?

Posted by: Pdfprep Category: 210-260

Which FirePOWER preprocessor engine is used to prevent SYN attacks?
A. Rate-Based Prevention
B. Portscan Detection
C. IP Defragmentation
D. Inline Normalization

Answer: A

Explanation:

Rate-based attack prevention identifies abnormal traffic patterns and attempts to minimize the impact of that traffic on legitimate requests. Rate-based attacks usually have one of the following characteristics:

+ any traffic containing excessive incomplete connections to hosts on the network, indicating a SYN flood attack

+ any traffic containing excessive complete connections to hosts on the network, indicating a TCP/IP connection flood attack

+ excessive rule matches in traffic going to a particular destination IP address or addresses or coming from a particular source IP address or addresses

+ excessive matches for a particular rule across all traffic

Preventing SYN Attacks

The SYN attack prevention option helps you protect your network hosts against SYN floods. You can protect individual hosts or whole networks based on the number of packets seen over a period of time. If your device is deployed passively, you can generate events. If your device is placed inline, you can also drop the malicious packets. After the timeout period elapses, if the rate condition has stopped, event generation and packet dropping stop.

Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Intrusion-Threat-Detection.html
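
The rate, period and timeout behaviour described above can be modelled in a few lines. This is an added example, not code from the original page or from Cisco; the class `SynRateGuard`, its parameters, the millisecond time unit and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class SynRateGuard:
    """Simplified model of rate-based SYN protection (an assumption, not Cisco's code)."""

    def __init__(self, rate, period, timeout, inline):
        self.rate, self.period, self.timeout = rate, period, timeout
        self.inline = inline                # inline devices can drop, passive ones only alert
        self.recent = defaultdict(deque)    # destination -> timestamps of recent SYNs
        self.active_until = {}              # destination -> earliest time the response may end

    def handle(self, ts, dst, is_syn):
        """Return 'pass', 'alert' (passive) or 'drop' (inline) for one packet."""
        if not is_syn:
            return "pass"
        window = self.recent[dst]
        window.append(ts)
        while window[0] <= ts - self.period:   # forget SYNs older than one period
            window.popleft()
        over = len(window) > self.rate
        if dst in self.active_until:
            if ts >= self.active_until[dst]:
                if not over:                   # timeout elapsed and the rate has stopped
                    del self.active_until[dst]
                    return "pass"
                self.active_until[dst] = ts + self.timeout   # still flooding: keep responding
        elif over:
            self.active_until[dst] = ts + self.timeout       # rate exceeded: start responding
        else:
            return "pass"
        return "drop" if self.inline else "alert"

# Constructed sample traffic: (time in ms, destination, is SYN without ACK).
FLOOD = [(100 * i, "192.0.2.5", True) for i in range(20)]    # 10 SYNs per second
OTHER = [(500, "192.0.2.6", True),      # different host, never over the rate
         (1000, "192.0.2.5", False),    # non-SYN packet is not counted
         (3000, "192.0.2.5", True),     # flood over, but timeout still running
         (10000, "192.0.2.5", True)]    # timeout elapsed and rate stopped
PACKETS = sorted(FLOOD + OTHER)

def replay(inline):
    """Run the sample through a guard allowing 5 SYNs per 1000 ms, 3000 ms timeout."""
    guard = SynRateGuard(rate=5, period=1000, timeout=3000, inline=inline)
    return [(ts, dst, guard.handle(ts, dst, syn)) for ts, dst, syn in PACKETS]

if __name__ == "__main__":
    for row in replay(inline=True):
        print(*row)
```

In this model a legitimate SYN that arrives while the timeout is still running is treated like the flood, which is the trade-off to weigh when choosing the timeout value.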
