Basic Sensor Doubts

Unanswered Question
Mar 23rd, 2009
User Badges:

Hi all,


I am having some basic doubts regarding the functionality of the sensor.


case 1

------


Assume that sensor is in inline mode.Then


1) By default "stop" atomic attacks

2) By default "stop" attacks that span multiple packets

3) By default block IP address or network addresses without "blocking" being configured?


In the above case how is "stoping" an attack differnet from blocking it?


case 2

------

Assume that sensor is in promiscous mode

1) By default "stop" atomic attacks

2) By default "stop" attacks that span multiple packets

3) By default block IP address or network addresses without "blocking" being configured


Also in this case how is "stoping" an attack different from "blocking" an IP or network address?


Thanks in advance

MD

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
larry.atkins Mon, 03/23/2009 - 12:39
User Badges:

Doesn't blocking actually drop all traffic from that IP for a specified period while dropping or stopping means it drops the packets as they are triggered?

Actions

This Discussion