Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1320
Views
0
Helpful
0
Replies

IPS action Reset-TCP-Connection for echo request signature

PENGp
Level 1
Level 1

‎05-14-2020 07:02 PM

Hi.

 

I am doing the Lab "Configuring an Intrusion Prevention System" of Chapter 5 "Implementing Intrusion Prevention" of "CCNA Security" on Netacad. I have a question for the Step 3 "Modify the signature" of Task 6 "Test the IPS Rule and Modify a Signature". Need your help!

 

This step asks us to un-retire the echo request signature (signature 2004 with subid 0), enable it, and change the action to alert, drop, and reset.

 

"R1(config-sigdef-sig-engine)# event-action produce-alert

R1(config-sigdef-sig-engine)# event-action deny-packet-inline

R1(config-sigdef-sig-engine)# event-action reset-tcp-connection"

(copied from the lab manual)

 

I understand the action alert and drop, but I do not understand the action reset. The signature 2004 with a subsig 0 is about ICMP. As we know, ICMP is neither TCP nor UDP. I am wondering why there is an action "reset-tcp-connection"?

 

Thank you very much!

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card