Cisco Bug: CSCtc58632 - SSM IPS sends TCP RST to wrong TCP seq number
Nov 08, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: When the IPS detects malicious traffic, it denies the packet inline and sends a TCP reset to both the attacker and the victim host. However, the TCP reset it sends carries the wrong sequence number, so the hosts retain the old connection and keep the socket open.
Conditions: IPS is configured as inline.
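Why a reset with the wrong sequence number leaves the socket open, as an added example that is not Cisco code and not taken from the bug record: a receiver accepts a RST only if its sequence number passes the RFC 793 window check, and RFC 5961 further requires an exact match with RCV.NXT. The function names and all sequence values are constructed for illustration; the record does not say which sequence number the IPS actually used.

```python
# Added example: how a TCP receiver judges an incoming RST (RFC 793 window
# check, refined by RFC 5961). All sequence values below are constructed.

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq is acceptable for a receiver expecting rcv_nxt."""
    if rcv_wnd == 0:
        return seq == rcv_nxt       # zero window: only the exact value passes
    return (seq - rcv_nxt) % MOD < rcv_wnd


def classify_rst(seq, rcv_nxt, rcv_wnd, rfc5961=True):
    """Return what the receiving host does with a RST carrying `seq`."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "discard"            # connection and socket stay open
    if rfc5961 and seq != rcv_nxt:
        return "challenge-ack"      # connection stays open, an ACK is sent back
    return "reset"                  # connection is torn down


def audit_resets(flow_state, resets):
    """Check each observed RST against the receiver state of its target.

    flow_state: {host: (rcv_nxt, rcv_wnd)} taken from the last ACK and window
                each host advertised before the RST was seen.
    resets:     list of (target_host, rst_seq) pairs from a capture.
    """
    return [(host, seq, classify_rst(seq, *flow_state[host]))
            for host, seq in resets]


if __name__ == "__main__":
    # Constructed sample: receiver state of both endpoints at deny time.
    state = {"client": (1_000_500, 65_535), "server": (4_294_967_000, 8_192)}
    observed = [
        ("client", 1_000_500),      # exact RCV.NXT
        ("client", 1_000_000),      # stale sequence number, below the window
        ("server", 200),            # inside the window after 32-bit wraparound
        ("server", 4_294_900_000),  # stale sequence number, below the window
    ]
    for host, seq, verdict in audit_resets(state, observed):
        print(f"RST to {host:6} seq={seq:<10} -> {verdict}")
```

Any verdict other than "reset" in a capture taken on either side of the sensor matches the symptom: the endpoint ignores or challenges the reset and the connection stays established.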