×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.
marcabal Mon, 01/14/2002 - 12:54
User Badges:
  • Cisco Employee,

The NeverShunAddress will not affect whether or not the sensor resets a TCP connection.


If you have a signature configured with a TCP Reset action, there are only 3 methods to prevent the TCP Reset from happening.

1) Use a switch which can prevent incoming packets from a SPAN port. This will of course prevent any and all TCP Resets from the sensor.

2) Set the action for the signature to None or an action such as Shun or IP Log without TCP Resets. No connections matching that signature will then be reset.

3) Exclude the signature for a given address set. This will prevent an alarm from firing for a given set of source and destination addresses for the signature. The TCP Resets will not get sent if the signature exclusions prevents the creation of the alarm.



Actions

This Discussion