TippingPoint
cancel
Showing results for 
Search instead for 
Did you mean: 

Full TCP Handshake Post IP Block

Gregohmyeggo
Visitor

Full TCP Handshake Post IP Block

Hello,

Would there be any legitimate reason to see a successful TCP handshake from an internal host to an external IP address after blocking the external IP address globally at the perimeter?

For instance, we have blocked IP address x.x.x.x globally, but packet capture indicates a full SYN, SYN-ACK, ACK to the external web server before the actual GET/HTTP request is blocked.

1 REPLY
Dennis Handly
Acclaimed Contributor

Re: Full TCP Handshake Post IP Block

HPE sold Tippingpoint to Trendmicro in 2015.  Not sure how much help you'll get in this dead forum.

http://newsroom.trendmicro.com/press-release/company-milestones/trend-micro-acquires-hp-tippingpoint