Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Tcp Reset question - IPS Sensor 4255

I have this sensor doing tcp resets, the question I have is if I add a network to the "never block addresses" will the sensor still send tcp resets even though the network is in the never block? if so how do I tell the sensor to not block certain ip addresses..

Thanks in advance

Phil

1 REPLY
Silver

Re: Tcp Reset question - IPS Sensor 4255

You can configure sensors to send TCP reset packets to try to reset a network connection between an attacker host and its intended target host. In some installations when the interface is operating in promiscuous mode, the sensor may not be able to send the TCP reset packets over the same sensing interface on which the attack was detected. In such cases, you can associate the sensing interface with an alternate TCP reset interface and any TCP resets that would otherwise be sent on the sensing interface when it is operating in promiscuous mode, are instead sent out on the associated alternate TCP reset interface.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_installation_guide_chapter09186a008055fc77.html

267
Views
0
Helpful
1
Replies
CreatePlease login to create content