This article contains information about the Acknowledging Datagram Packet (ACK) Storm Protection in Deep Security.
The acknowledging datagram packet (ACK) storm is a documented network anomaly (RFC 1337, TIME-WAIT Assassination Hazards) in which an unsolicited ACK is received by the host.
The server responds with an ACK pointing back to the source peer, and a loop is created. This can occur legitimately and is usually a short-lived event, since the loss of any duplicate ACK will end the storm.
However, an attacker can leverage this anomaly to launch a denial of service attack by sending several hundred malformed ACKs over the same TCP session.
According to the information we received on this matter, most vendors ignore this condition, even though Sun published the following advisory as a side effect of its TCP implementation: Solaris Hosts are Vulnerable to a Denial of Service Induced by an Internet Transmission Control Protocol (TCP) "ACK Storm".
Deep Security has taken the proactive approach of including a specific protection mechanism against potential DoS attacks.
The protection against ACK Storm can be configured under the Stateful Configurations in the Deep Security Manager (DSM).
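The ACK loop described above can also be spotted in packet records by counting payload-free ACKs per TCP session over a short window. The following is an added example, not Deep Security's own logic or code from this article; the record format, the one-second window and the threshold of 200 are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0  # assumed sliding window, not a Deep Security default
ACK_THRESHOLD = 200   # assumed limit on empty ACKs per session per window

def session_key(src, sport, dst, dport):
    """Direction-independent key so both peers' ACKs count toward one session."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)

def detect_ack_storms(lines, window=WINDOW_SECONDS, threshold=ACK_THRESHOLD):
    """Map each storming session to the time it first exceeded the threshold.
    Records are 'ts src sport dst dport flags payload_len' (constructed format)."""
    recent = defaultdict(deque)  # session -> timestamps of recent bare ACKs
    flagged = {}
    for line in lines:
        ts, src, sport, dst, dport, flags, length = line.split()
        if flags != "A" or int(length) != 0:
            continue  # only ACK-only segments without payload feed the loop
        ts = float(ts)
        key = session_key(src, int(sport), dst, int(dport))
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop ACKs that fell out of the window
        if len(q) > threshold and key not in flagged:
            flagged[key] = ts
    return flagged

def build_sample():
    """Constructed records: one ordinary session, one with 300 empty ACK pairs."""
    lines = []
    for i in range(20):  # data segment followed by a single ACK
        t = i * 0.1
        lines.append(f"{t:.4f} 192.0.2.10 40000 198.51.100.5 443 PA 512")
        lines.append(f"{t + 0.01:.4f} 198.51.100.5 443 192.0.2.10 40000 A 0")
    for i in range(300):  # both peers answering each other's ACKs
        t = 5.0 + i * 0.002
        lines.append(f"{t:.4f} 192.0.2.20 41000 198.51.100.5 443 A 0")
        lines.append(f"{t + 0.001:.4f} 198.51.100.5 443 192.0.2.20 41000 A 0")
    return lines

if __name__ == "__main__":
    for key, ts in detect_ack_storms(build_sample()).items():
        print(f"ACK storm suspected on {key} at t={ts:.3f}s")
```

Because a legitimate storm ends as soon as one duplicate ACK is lost, the window and threshold decide how long a loop must persist before it is reported.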