Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
400
Views
0
Helpful
1
Replies

Resetting a P2P connection

tasksrl7808
Level 1
Level 1

‎10-18-2005 02:20 AM - edited ‎03-10-2019 01:42 AM

Hi!

As I wrote in my previous post: "TCP Reset feature" I would like to reset a P2P connection using the TCP Reset action of Cisco IDS. I cannot block the IP (shun connection) since it could represent a NAT address.

Anyone has solved the same problem?

I cannot obtain the RESET, probably because of my router IOS Version 12.0 ?

I'm quite sure it is not possible to reset the connection by PIX, is it true?

Regards

Francesco

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎10-18-2005 06:13 PM

TCP Resets are sent out the sniffing interface of the sensor to each end host in the connection, NOT to your router or PIX. Your router software version has noting to do with TCP RST's not working. In fact they may well be working, it's just the P2P app is rebuilding the connection again. In fact a lot of P2P apps will use UDP for file transfers, so TCP RST obviously won't help you in this case.

To really confirm that TCP Reset is working first off make sure the particular signature is actually firing off alerts when P2P traffic is seen. Then enable TCP RST on that signature, and always remember that the RST is sent out the sniffing interface of the sensor, so if you have spanned a port on your switch to that sniffing interface you need to allow input packets on that span port, by default span ports are only outbound packets. Use the "help" on your span command to see the input packet options.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card