Which Cisco ASA feature enables the ASA to do these two things? 1) Act as a proxy for the server
and generate a SYN-ACK response to the client SYN request. 2) When the Cisco ASA receives
an ACK back from the client, the Cisco ASA authenticates the client and allows the connection to
the server.
A.
TCP normalizer
B.
TCP state bypass
C.
TCP intercept
D.
basic threat detection
E.
advanced threat detection
F.
botnet traffic filter
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/conns_connlimits.html#w
p1080734
TCP Intercept and Limiting Embryonic Connections
Limiting the number of embryonic connections protects you from a DoS attack. The ASA uses the
per-client limits and the embryonic connection limit to trigger TCP Intercept, which protects inside
systems from a DoS attack perpetrated by flooding an interface with TCP SYN packets. An
embryonic connection is a connection request that has not finished the necessary handshake
between source and destination. TCP Intercept uses the SYN cookies algorithm to prevent TCP
SYN-flooding attacks. A SYN-flooding attack consists of a series of SYN packets usually
originating from spoofed IP addresses. The constant flood of SYN packets keeps the server SYN
queue full, which prevents it from servicing connection requests. When the embryonic connection
threshold of a connection is crossed, the ASA acts as a proxy for the server and generates a SYNACK response to the client SYN request. When the ASA receives an ACK back from the client, it
can then authenticate the client and allow the connection to the server.