With which preprocesor do you detect incomplete TCP handshakes
A.
rate based prevention
B.
port scan detection
Explanation:
Rate-based attack prevention identifies abnormal traffic patterns and attempts to minimize the
impact of that traffic on legitimate requests. Rate-based attacks usually have one of the
following characteristics:
+ any traffic containing excessive incomplete connections to hosts on the network, indicating
a SYN flood attack
+ any traffic containing excessive complete connections to hosts on the network, indicating a
TCP/IP connection flood attack
+ excessive rule matches in traffic going to a particular destination IP address or addresses or
coming from a particular source IP address or addresses.
+ excessive matches for a particular rule across all traffic.
http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asafirepower-module-user-guide-v541/Intrusion-Threat-Detection.html