State – Force10 Networks PSeries 100-00055-01 User Manual

128

Snort

Snort is an open source network intrusion detection and prevention system that uses rules
created with a special syntax to examine and control specified traffic.

SPAN Port

Switched Port Analyzer (SPAN) Port is a switch port that receives a copy of specific traffic that
passes through a switch. The SPAN port is also called a mirroring port.

State

State is information about a flow including the source address, destination address, source
port, and destination port. See

Flow

.

Static Rules

Static rules are rules that are specified in a file using Snort syntax, and then compiled to
become part of the firmware. Static rules can be disabled/enabled individually, but they cannot
be changed once they have been loaded into the FPGA. To change static rules, you make
changes to the rules in the original rules file, recompile them, and reload the new firmware in
the FPGA.

SYN

A synchronous packet (SYN) is a packet sent from the client to the server that requests a TCP
connection. It is the first part of the TCP handshake that establishes a TCP connection
between the client and server.

The second part of the handshake is where the server sends a SYN-ACK packet back to the
client to acknowledge the receipt of the SYN request. Finally, the client sends an ACK packet
to the server to complete the connection. A SYN flood is a type of denial of service attack
where a series of handshakes is initiated but not completed because the final ACK packet is
never sent to the server. This occupies the server’s resources, which results in a denial of
service for other clients. See

ACK

.

Tap

A tap is a device that can passively monitor network traffic, and is analogous to a telephone
wire tap.

XFP

XFP is a tranceiver that interfaces a network device and a fiber or unsheilded twisted pair
(UTP) network cable. It can transmit data at a rate of 10 Gb/s.