Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
3
Replies

tcp resets in passive mode

jahilnt10
Level 1
Level 1

‎03-14-2007 04:11 AM - edited ‎03-10-2019 03:30 AM

I know the resets are done by the sensor, not the PIX or router.

Is it possible if my IDS 4235 is working in passvie mode not inline to reset tcp sessions..? If yes than please explain how it does..

Labels:
0 Helpful
3 Replies 3

mhellman
Level 7
Level 7

‎03-14-2007 05:54 AM

It is possible. Normally the sensor will send resets out the same sensing interface the traffic was detected on. If it's a hub you're using, it should just work. If it's a switch, it depends on the capabilities of the switch. Refer to the documentation for your switch as to whether it can be configured to allow ingress traffic. Here's an example for the Cisco 2950.

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801a6ba9.html#1218090

0 Helpful

abolfathi_0248
Level 1
Level 1
In response to mhellman

‎03-14-2007 10:32 AM

i think it is not possible to sending tcp RST via sensor that connected to a SPAN port in Catalyst 29xx , 3550 , 3560 , 3750 becuase regarding the SPAN put the port just in ingress mode (no traffic can leave the interface).in higher-level catalyst switched like 65xx , you can use packet capturing done by CLASS-MAP / POLICY-MAP so it can let you have both RX/TX traffic.

0 Helpful

mhellman
Level 7
Level 7
In response to abolfathi_0248

‎03-14-2007 01:54 PM

The only switch I've tested the TCP RST functionality on is a 2950. It worked fine.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card