Hi.
I am doing the lab "Configuring an Intrusion Prevention System" in Chapter 5 "Implementing Intrusion Prevention" of "CCNA Security" on Netacad. I have a question about Step 3 "Modify the signature" of Task 6 "Test the IPS Rule and Modify a Signature". I need your help!
This step asks us to un-retire the echo request signature (signature 2004 with subid 0), enable it, and change the action to alert, drop, and reset.
"R1(config-sigdef-sig-engine)# event-action produce-alert
R1(config-sigdef-sig-engine)# event-action deny-packet-inline
R1(config-sigdef-sig-engine)# event-action reset-tcp-connection"
(copied from the lab manual)
I understand the alert and drop actions, but I do not understand the reset action. Signature 2004 with subsig 0 is about ICMP. As we know, ICMP is neither TCP nor UDP. I am wondering why there is an action "reset-tcp-connection"?
Thank you very much!