Cisco Firepower Management Center 2000

FireSIGHT System User Guide

Chapter 26
Using Transport & Network Layer Preprocessors
Cisco provides preprocessors that detect exploits at the network and transport layers. These 
preprocessors detect attacks that exploit IP fragmentation, checksum validation, and TCP and UDP 
session preprocessing. Before packets are sent to preprocessors, the packet decoder converts packet 
headers and payloads into a format that can be easily used by the preprocessors and the rules engine and 
detects various anomalous behaviors in packet headers. After packet decoding and before sending 
packets to other preprocessors, the inline normalization preprocessor normalizes traffic for inline 
deployments.
Verifying Checksums
License: Protection
The system can verify all protocol-level checksums to ensure that complete IP, TCP, UDP, and ICMP 
transmissions are received and that, at a basic level, packets have not been tampered with or accidentally 
altered in transit. A checksum uses an algorithm to verify the integrity of a protocol in the packet. The 
packet is considered to be unchanged if the system computes the same value that is written in the packet 
by the end host.
Disabling checksum verification may leave your network susceptible to insertion attacks. Note that the 
system does not generate checksum verification events. In an inline deployment, you can configure the 
system to drop packets with invalid checksums.
To configure checksum verifications:
Access: Admin/Intrusion Admin
Step 1  Select Policies > Intrusion > Intrusion Policy.