Which of the following traffic types can be detected by the FirePOWER rate-based prevention preprocessor engine? (Select the best answer.)
A. Back Orifice traffic
B. distributed port scan traffic
C. port sweep traffic
D. SYN flood traffic
Explanation:
The FirePOWER rate-based prevention preprocessor engine can detect SYN flood traffic. A FirePOWER Intrusion Prevention System (IPS) has several predefined preprocessor engines that can be used in network policies to detect specific threats; these preprocessors focus on detecting Back Orifice attacks, detecting port scan attacks, preventing rate-based attacks, and detecting sensitive data. The rate-based prevention preprocessor detects traffic abnormalities based on the frequency of certain types of traffic. The following traffic patterns can trigger rate-based attack prevention:
- Traffic containing excessive incomplete Transmission Control Protocol (TCP) connections
- Traffic containing excessive complete TCP connections
- Excessive rule matches for a particular IP address or range of IP addresses
- Excessive rule matches for one particular rule regardless of IP address
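All four rate-based patterns listed above reduce to the same check: count events per key (source address, or rule identifier) inside a sliding time window and raise an alert once the count reaches a threshold. The Python below is an added illustration of that general algorithm, applied to two of the listed patterns (excessive incomplete TCP connections per source, and excessive matches of one rule regardless of source); it is not Cisco or FirePOWER code. The record layouts, the sample addresses (taken from the RFC 5737 documentation ranges), the rule ids and the thresholds are all constructed for this example.

```python
"""Sliding-window rate detection, in the spirit of a rate-based preprocessor.

Added example; not Cisco/FirePOWER code. Record formats, addresses, rule ids
and thresholds below are assumptions constructed for illustration.
"""
from collections import defaultdict, deque


def rate_alerts(events, key_fn, threshold, window_s):
    """Generic rate check.

    events:    iterable of (timestamp_seconds, payload)
    key_fn:    maps payload to the aggregation key (source IP, rule id, ...)
    threshold: number of events within window_s that triggers an alert
    Returns {key: (timestamp_of_first_trigger, count_in_window_at_trigger)}.
    """
    windows = defaultdict(deque)   # key -> timestamps still inside the window
    alerts = {}
    for ts, payload in sorted(events, key=lambda e: e[0]):
        key = key_fn(payload)
        q = windows[key]
        q.append(ts)
        # Evict timestamps older than the window relative to the newest event.
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = (ts, len(q))
    return alerts


# Constructed TCP connection attempts:
#   (timestamp_s, src_ip, dst_ip, dst_port, completed)
# completed=True: three-way handshake finished; False: half-open (SYN, no final ACK).
SAMPLE_ATTEMPTS = [
    (0.0, "198.51.100.7", "10.0.0.5", 443, True),
    (0.2, "198.51.100.7", "10.0.0.5", 443, False),   # one ordinary timeout
    (0.5, "198.51.100.7", "10.0.0.5", 443, True),
    (3.0, "198.51.100.7", "10.0.0.5", 443, False),
    (3.4, "198.51.100.7", "10.0.0.5", 443, True),
] + [
    # Burst of 40 half-open connections from one source in about two seconds.
    (1.0 + i * 0.05, "203.0.113.9", "10.0.0.5", 80, False) for i in range(40)
]

# Constructed rule-match events: (timestamp_s, src_ip, rule_id)
SAMPLE_RULE_MATCHES = [
    (10.0 + i * 0.25, f"203.0.113.{i + 1}", "1:2000001") for i in range(12)
] + [
    (10.1, "198.51.100.7", "1:2000002"),
    (11.9, "198.51.100.8", "1:2000002"),
    (14.0, "198.51.100.9", "1:2000002"),
]


def incomplete_connection_alerts(attempts, threshold=20, window_s=2.0):
    """Pattern 1: excessive incomplete TCP connections from one source."""
    events = [(ts, src) for ts, src, _dst, _port, done in attempts if not done]
    return rate_alerts(events, key_fn=lambda src: src,
                       threshold=threshold, window_s=window_s)


def rule_match_alerts(matches, threshold=10, window_s=5.0):
    """Pattern 4: excessive matches of one rule regardless of source address."""
    events = [(ts, rule_id) for ts, _src, rule_id in matches]
    return rate_alerts(events, key_fn=lambda rule_id: rule_id,
                       threshold=threshold, window_s=window_s)


if __name__ == "__main__":
    for src, (ts, n) in incomplete_connection_alerts(SAMPLE_ATTEMPTS).items():
        print(f"half-open rate exceeded: src={src} at t={ts:.2f}s ({n} in window)")
    for rule, (ts, n) in rule_match_alerts(SAMPLE_RULE_MATCHES).items():
        print(f"rule rate exceeded: rule={rule} at t={ts:.2f}s ({n} in window)")
```

The legitimate client in the sample has a few half-open connections spread over seconds and never reaches the threshold, while the bursting source trips the alert on its twentieth half-open connection; the same `rate_alerts` function, keyed by rule id instead of source, catches the rule that fires ten times in five seconds. A production implementation would add an alert cool-down and periodic eviction of idle keys so the per-key deques cannot grow without bound.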
Distributed port scan traffic and port sweep traffic can be detected by the portscan detection preprocessor. Port scanning traffic can be an indicator that an attacker is conducting network reconnaissance prior to an attack. Although legitimate port scanning traffic can periodically exist on a network, the portscan detection preprocessor can distinguish between legitimate scanning and potentially malicious traffic based on the activity patterns found in the analysis of port scanning traffic.
The FirePOWER IPS has a preprocessor dedicated to Back Orifice traffic. Back Orifice and its variants exploit a vulnerability in Microsoft Windows hosts to gain complete administrative control of the host. Back Orifice traffic can be identified by the presence of a specific token, known as a magic cookie, in the first eight bytes of a User Datagram Protocol (UDP) packet.
Reference: Cisco: Detecting Specific Threats: Understanding Rate-Based Attack Prevention