Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 26: Using Transport & Network Layer Preprocessors
Understanding Packet Decoding
Detect Other TCP Options
Detects TCP headers with invalid TCP options not detected by other TCP decoding event options. 
For example, this option detects TCP options with the incorrect length or with a length that places 
the option data outside the TCP header.
You can enable rules 116:54, 116:55, and 116:59 to generate events for this option. See 
 for more information.
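The two length conditions named above (an incorrect option length, and a length that places option data outside the TCP header) can be checked as in the following sketch. This is an added example, not part of the FireSIGHT documentation or the system's decoder; the names `check_tcp_options` and `build_header` and the sample headers are constructed for illustration.

```python
import struct

def check_tcp_options(tcp_header: bytes) -> list[str]:
    """Walk the options area of a raw TCP header and list length anomalies."""
    if len(tcp_header) < 20:
        return ["header shorter than the 20-byte minimum"]
    data_offset = (tcp_header[12] >> 4) * 4       # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        return [f"data offset {data_offset} is outside the captured header"]
    options = tcp_header[20:data_offset]
    findings, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                             # End of Option List
            break
        if kind == 1:                             # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(options):
            findings.append(f"option kind {kind} at offset {i}: no length byte")
            break
        length = options[i + 1]                   # counts kind and length bytes too
        if length < 2:
            findings.append(f"option kind {kind} at offset {i}: length {length} is below 2")
            break
        if i + length > len(options):
            findings.append(f"option kind {kind} at offset {i}: length {length} runs past the TCP header")
            break
        i += length
    return findings

def build_header(options: bytes) -> bytes:
    """Constructed sample: 20-byte TCP header (SYN) plus options, padded to 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    offset_flags = ((20 + len(options)) // 4) << 12 | 0x002
    return struct.pack("!HHIIHHHH", 40000, 443, 1, 0, offset_flags, 65535, 0, 0) + options

if __name__ == "__main__":
    samples = {                                   # constructed option bytes
        "valid MSS": b"\x02\x04\x05\xb4",
        "MSS with length 0": b"\x02\x00\x05\xb4",
        "MSS with length 10": b"\x02\x0a\x05\xb4",
    }
    for name, opts in samples.items():
        print(name, "->", check_tcp_options(build_header(opts)) or "no anomalies")
```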
Detect Protocol Header Anomalies
Detects other decoding errors not detected by the more specific IP and TCP decoder options. For 
example, the decoder might detect a malformed data-link protocol header.
To generate events for this option, you can enable any packet decoder rule other than rules 
specifically associated with other packet decoder options. See 
 for more information.
Note that the following rules generate events triggered by anomalous IPv6 traffic: 116:270 through 
116:274, 116:275 through 116:283, 116:291, 116:292, 116:295, 116:296, 116:406, 116:458, 
116:460, 116:461.
Note also the following rules associated with the inline normalization preprocessor Minimum TTL option:
  – You can enable rule 116:428 to generate an event when the system detects an IPv4 packet with a TTL less than the specified minimum.
  – You can enable rule 116:270 to generate an event when the system detects an IPv6 packet with a hop limit that is less than the specified minimum.
See the inline normalization Minimum TTL option in more information.
Configuring Packet Decoding
License: Protection
You can configure packet decoding on the Packet Decoding configuration page. For more information on 
packet decoding configuration options, see 
To configure packet decoding:
Access: Admin/Intrusion Admin
Step 1  Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2  Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See 
 for information on saving unsaved changes in another policy.
The Policy Information page appears.
Step 3  Click Advanced Settings in the navigation panel on the left.
The Advanced Settings page appears.