
Detect TCP protocol anomalies and session hijacking

Hi Dear community.

I'm now reading about the "Variables" option on ESM.

Can someone explain the following?!

Thank you very much.


Detect TCP protocol anomalies and session hijacking

You can detect and alert on TCP protocol anomalies and check for TCP session hijacking using the Stream5 preprocessor variable.


  1. On the ESM console, click the Policy Editor icon.
  2. In the Rule Types pane, click Variable.
  3. In the rules display pane, click preprocessor, then select STREAM5_TCP_PARAMS.
  4. On the Modify Variable page, add one of the following in the Value field:
    • To detect and alert on TCP protocol anomalies, add detect_anomalies after policy first.

    • To check for TCP session hijacking, add detect_anomalies check_session_hijacking after policy first.
