08-10-2005 01:55 PM - edited 03-10-2019 01:34 AM
I am having problems verifying that the TCP reset functionality is working on an IDSM-2 blade.
08-10-2005 02:47 PM
An easy way to verify TCP reset would be create a rule with an action of reset/produce alert that denies telnet traffic from spource to source b/port telnet. Enable that custom signature. Then telnet from source a to source b. The connection should not be successful and you should see an event in your IPS/IDS reporting application.
08-11-2005 09:54 AM
I was able to successfully test TCP reset. Thank you very much for the tip.
02-17-2013 12:53 PM
Guys
I found this old post and i really want to know how you configured the TCP reset , is this promiscuous deployment or inline? , my configuration is attached
intrusion-detection switch 1 module 2 management-port access-vlan 9
intrusion-detection switch 2 module 2 management-port access-vlan 9
intrusion-detection switch 1 module 2 data-port 1 capture
intrusion-detection switch 1 module 2 data-port 2 capture
intrusion-detection switch 2 module 2 data-port 1 capture
intrusion-detection switch 2 module 2 data-port 2 capture
intrusion-detection switch 1 module 2 data-port 1 capture allowed-vlan AAAAA
intrusion-detection switch 1 module 2 data-port 1 capture allowed-vlan BBBBBB
intrusion-detection switch 1 module 2 data-port 2 capture allowed-vlan CCCCCC
intrusion-detection switch 2 module 2 data-port 1 capture allowed-vlan DDDDDD
intrusion-detection switch 2 module 2 data-port 2 capture allowed-vlan EEEEEE
vlan access-map cap 10
match ip address MATCHALL
action forward capture
!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide