Basic Sensor Doubts

Unanswered Question
Mar 23rd, 2009

Hi all,

I am having some basic doubts regarding the functionality of the sensor.

case 1

------

Assume that sensor is in inline mode.Then

1) By default "stop" atomic attacks

2) By default "stop" attacks that span multiple packets

3) By default block IP address or network addresses without "blocking" being configured?

In the above case how is "stoping" an attack differnet from blocking it?

case 2

------

Assume that sensor is in promiscous mode

1) By default "stop" atomic attacks

2) By default "stop" attacks that span multiple packets

3) By default block IP address or network addresses without "blocking" being configured

Also in this case how is "stoping" an attack different from "blocking" an IP or network address?

Thanks in advance

MD

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
larry.atkins Mon, 03/23/2009 - 12:39

Doesn't blocking actually drop all traffic from that IP for a specified period while dropping or stopping means it drops the packets as they are triggered?

Actions

This Discussion