Hi all,
I am having some basic doubts regarding the functionality of the sensor.
case 1
------
Assume that sensor is in inline mode.Then
1) By default "stop" atomic attacks
2) By default "stop" attacks that span multiple packets
3) By default block IP address or network addresses without "blocking" being configured?
In the above case how is "stoping" an attack differnet from blocking it?
case 2
------
Assume that sensor is in promiscous mode
1) By default "stop" atomic attacks
2) By default "stop" attacks that span multiple packets
3) By default block IP address or network addresses without "blocking" being configured
Also in this case how is "stoping" an attack different from "blocking" an IP or network address?
Thanks in advance
MD