Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
473
Views
0
Helpful
2
Replies

IDS tcp reset.

mbserrano
Level 1
Level 1

‎05-19-2002 06:56 PM - edited ‎03-08-2019 10:41 PM

Is tcp reset on by default on the ids box? if not how do i do it?

thanks

Labels:
0 Helpful
2 Replies 2

marcabal
Cisco Employee
Cisco Employee

‎05-20-2002 06:15 AM

When configuring each signature there is an action that can be assigned to each signature:

Block/Shun - creation of ACLs on routers and firewalls to block the ip

TCP Reset - sending of tcp reset packets to shutdown the connection

IP Log - capturing the packets from the source address in a binary format

Combinations - any combination of the above actions

So to turn on TCP Resets you just need to configure certain signatures to have an action of TCP Resets.

Other things you should know:

1) The IDS Module does not support TCP Resets

2) The TCP Resets will be sent out the sniffing interface of the sensor.

3) If the sensor is connected to a span port of the switch, the switch may block the TCP Reset from being sent out. This is a switch issue, and not a sensor issue. Some switches allow it by default, some have it as a configurable option (inpkts enable) and others never allow it. You will need to read on your particular switch to determine if it will allow in the TCP Resets.

4) I have heard that some firewalls may block the TCP Resets, but I don't have any specifics.

Marco

0 Helpful

mbserrano
Level 1
Level 1
In response to marcabal

‎05-20-2002 05:46 PM

thanks for the help.

0 Helpful
Customers Also Viewed These Support Documents