Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
260
Views
0
Helpful
2
Replies

Benifits of TCP resets

gpoer
Beginner
Beginner

‎08-20-2002 07:17 PM - edited ‎03-09-2019 12:00 AM

Does anyone have any documentation on the benifits of TCP Resets?

thanks,

Geoff

Labels:
0 Helpful
2 Replies 2

lisa.hall
Explorer
Explorer

‎08-28-2002 01:43 PM

TCP resets attempt to tear down the TCP connection by sending a fabricated reset that appears to be from the receiving device to the attacking device. One reason for using this method would be for SAFE Nimda

attack mitigation.

http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/snam_wp.htm

0 Helpful

ccoleman
Beginner
Beginner

‎09-01-2002 04:02 AM

Geoff,

Lisa's answer below is 100% technically correct. I however, will caution you in the method and frequency of implementing TCP RSTs. A couple of scenarios can arise from being overzealous with the response.

First off there's the world of false positives. Although the CiscoSecure engine is one of the better engines on the market it is not accurate 100% of the time. What you don't want to do is send RSTs to a valid connection that is being reported as a false positive.

You also need to be careful using RSTs for attacks like NIMDA or or aggressive dataflows. The scenario may also arise where between packet inspection and crafting RSTs the processing burden on your sensor could degrade and even become back logged. I've seen a sensor in this scenario backlogged by 8 hours of heavy NIMDA traffic.

Hope this helps.

CC

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents