Cisco Bug: CSCtc58632 - SSM IPS sends TCP RST to wrong TCP seq number

Last Modified

Nov 08, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)

When the IPS detects malicious traffic, it denies the packet inline and sends a TCP reset to both the attacker and the victim host.
However, the TCP reset is sent with the wrong sequence number, so the hosts retain the old connection and keep the socket open.

The IPS is configured in inline mode.
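
Why a reset with the wrong sequence number leaves the socket open: the sketch below is an added example, not Cisco code or part of the bug record, and models the receiver-side RST check from RFC 793 and RFC 5961. The endpoint state and sequence values are constructed; the bug record does not say which wrong value the IPS sent.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def seq_in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq is acceptable for a receiver expecting rcv_nxt."""
    if rcv_wnd == 0:
        # Zero window: only the exact next expected sequence number is acceptable.
        return seq % MOD == rcv_nxt % MOD
    return ((seq - rcv_nxt) % MOD) < rcv_wnd


def rst_outcome(seq, rcv_nxt, rcv_wnd, rfc5961=True):
    """How a host with an established connection treats an incoming RST.

    "reset"         -> connection torn down, socket released
    "challenge_ack" -> RFC 5961: in window but not exact, connection kept
    "discard"       -> out of window, segment silently dropped
    """
    if not seq_in_window(seq, rcv_nxt, rcv_wnd):
        return "discard"
    if rfc5961 and seq % MOD != rcv_nxt % MOD:
        return "challenge_ack"
    return "reset"


def endpoints_still_open(endpoints, rst_seqs, rfc5961=True):
    """Apply one injected RST per endpoint; return those whose socket stays open."""
    return [name for name, (rcv_nxt, rcv_wnd) in endpoints.items()
            if rst_outcome(rst_seqs[name], rcv_nxt, rcv_wnd, rfc5961) != "reset"]


# Constructed state: each endpoint's (RCV.NXT, RCV.WND) at the moment of the reset.
SAMPLE_ENDPOINTS = {"client": (0xFFFFFF00, 65535), "server": (1000, 29200)}

# RSTs carrying exactly what each receiver expects next.
CORRECT_RSTS = {name: nxt for name, (nxt, _) in SAMPLE_ENDPOINTS.items()}
# Hypothetical wrong values: one segment (1460 bytes) behind what each side expects.
STALE_RSTS = {name: (nxt - 1460) % MOD for name, (nxt, _) in SAMPLE_ENDPOINTS.items()}

if __name__ == "__main__":
    print("correct seq, still open:", endpoints_still_open(SAMPLE_ENDPOINTS, CORRECT_RSTS))
    print("stale seq, still open:  ", endpoints_still_open(SAMPLE_ENDPOINTS, STALE_RSTS))
```

When verifying a fix, capture the injected RST on each side and compare its sequence number with the last ACK number that side sent, which is the value it expects next.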