Skip main navigation (Press Enter).

Become a Member

Security

View Only

Back to discussions

Expand all | Collapse all

Full TCP Handshake Post IP Block

This thread has been viewed 1 times

GregohmyeggoMar 30, 2017 11:35 AM

Hello, Would there be any legitimate reason to see a successful TCP handshake from an internal host ...

Dennis HandlyApr 02, 2017 10:33 PM

HPE sold Tippingpoint to Trendmicro in 2015. Not sure how much help you'll get in this dead forum. ...

1. Full TCP Handshake Post IP Block

Kudos
Gregohmyeggo
Posted Mar 30, 2017 11:35 AM

Reply Reply Privately
Hello,

Would there be any legitimate reason to see a successful TCP handshake from an internal host to an external IP address after blocking the external IP address globally at the perimeter?

For instance, we have blocked IP address x.x.x.x globally, but packet capture indicates a full SYN, SYN-ACK, ACK to the external web server before the actual GET/HTTP request is blocked.
2. RE: Full TCP Handshake Post IP Block

Kudos
Dennis Handly
Posted Apr 02, 2017 10:33 PM

Reply Reply Privately
HPE sold Tippingpoint to Trendmicro in 2015. Not sure how much help you'll get in this dead forum.
http://newsroom.trendmicro.com/press-release/company-milestones/trend-micro-acquires-hp-tippingpoint

Contact

WW Corporate Headquarters - Spring, TX - United States
1701 E Mossy Oaks Rd
Spring, TX 77389

Disclaimer

The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.hpe.com for current and complete HPE Aruba Networking product lines and names.

Company

Environmental Citizenship

Terms of service

Support

Support Services

Contact Support

Training & Certification

Software Downloads

Licensing Login

Partners

Become a Partner

Partner Ready for Networking

Technology Partner Programs

Copyright 2024. All rights reserved.

Powered by Higher Logic

Global message icon