As I wrote in my previous post: "TCP Reset feature" I would like to reset a P2P connection using the TCP Reset action of Cisco IDS. I cannot block the IP (shun connection) since it could represent a NAT address.
Has anyone solved the same problem?
I cannot obtain the RESET, probably because of my router IOS Version 12.0?
I'm quite sure it is not possible to reset the connection by PIX, is it true?
TCP Resets are sent out the sniffing interface of the sensor to each end host in the connection, NOT to your router or PIX. Your router software version has nothing to do with TCP RSTs not working. In fact they may well be working; it's just that the P2P app is rebuilding the connection again. In fact a lot of P2P apps will use UDP for file transfers, so TCP RST obviously won't help you in this case.
To really confirm that TCP Reset is working, first off make sure the particular signature is actually firing off alerts when P2P traffic is seen. Then enable TCP RST on that signature, and always remember that the RST is sent out the sniffing interface of the sensor, so if you have spanned a port on your switch to that sniffing interface you need to allow input packets on that span port; by default span ports carry outbound packets only. Use the "help" on your span command to see the input packet options.
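The SPAN-port point above, as an added example that is not from the original thread: a typical SPAN session beside one corrected so the destination port accepts frames coming in from the sensor. The switch model (Catalyst 3750-class IOS), interface names and VLAN number are assumptions.

```ios
! Added example, not from the original thread. Assumes a Catalyst 3750-class
! switch, a monitored uplink Gi1/0/1 in VLAN 10 and the sensor's sniffing
! interface on Gi1/0/24. All interface and VLAN values are placeholders.
!
! --- Typical SPAN: the sensor only receives copies. Anything it transmits on
! --- the destination port (the TCP RSTs) is dropped by the switch, so the
! --- signature fires and RST is enabled but the connection is never torn down.
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination interface GigabitEthernet1/0/24
!
! --- Corrected: "ingress" lets the destination port accept frames from the
! --- sensor and forward them untagged into VLAN 10, so the RSTs addressed to
! --- both end hosts actually enter the network.
no monitor session 1
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination interface GigabitEthernet1/0/24 ingress untagged vlan 10
!
! Verify: the destination port in this output should show Ingress as Enabled.
show monitor session 1
```

Confirm the rest of the chain separately: the P2P signature must be producing alerts before the RST action can be expected to do anything.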