
Verify TCP reset is actually working

pmichaelson
Level 1

How do I see if the TCP reset is working?

I have IDM, IEV, IDS MC, and for some reason I cannot locate the information.

Thanks in advance

2 Replies

a.kiprawih
Level 7

Hi,

Besides logging directly to IDM or using IDS MC, you may use IEV to view the TCP reset action taken by the IDS.

1. Launch your IEV

2. Under 'View', double-click the "Sig Name Group".

2. Right-click the log associated with the signature you've selected, for example "TCP Segment Overwrite" (SID 1300).

I assumed you have already set the "EventAction" under your selected signature (tcp-based) to include 'reset'.

3. Back in IEV, right-click the signature log and choose 'Expand Whole Details'. A window will pop up with details on the attack log.

4. Right-click this event, and choose 'View Alarms'.

5. Scroll to the right, and look under 'TCP Reset Sent'. If the stated value is 'true', the IDS has performed the TCP reset for the attack event.

Cheers!

AK

Thanks for the information, very helpful
