Hi,
I would like to know the timing of router shunning.
Is the shunning executed after the first attack has completed?
In this case, the first attack cannot be blocked, and
the later attacks are blocked by the router, I think.
For example, if we enabled the router shunning function,
and a "DNS Zone transfer from High Port" alert is detected,
can the attacker gain the DNS Zone information?
How about other signatures?
If we want to block the first attack, should we use the
TCP Reset function for TCP based attacks?
Thank you,
Daiichiro Beppu
NTT DATA SECURITY
Japan