verifying tcp reset functionality is working

awheelen · ‎08-10-2005

I am having problems verifying that the TCP reset functionality is working on an IDSM-2 blade.

gabelar · ‎08-10-2005

An easy way to verify TCP reset would be create a rule with an action of reset/produce alert that denies telnet traffic from spource to source b/port telnet. Enable that custom signature. Then telnet from source a to source b. The connection should not be successful and you should see an event in your IPS/IDS reporting application.

awheelen · ‎08-11-2005

I was able to successfully test TCP reset. Thank you very much for the tip.

eng.malak · ‎02-17-2013

Guys

I found this old post and i really want to know how you configured the TCP reset , is this promiscuous deployment or inline? , my configuration is attached

intrusion-detection switch 1 module 2 management-port access-vlan 9

intrusion-detection switch 2 module 2 management-port access-vlan 9

intrusion-detection switch 1 module 2 data-port 1 capture

intrusion-detection switch 1 module 2 data-port 2 capture

intrusion-detection switch 2 module 2 data-port 1 capture

intrusion-detection switch 2 module 2 data-port 2 capture

intrusion-detection switch 1 module 2 data-port 1 capture allowed-vlan AAAAA

intrusion-detection switch 1 module 2 data-port 1 capture allowed-vlan BBBBBB

intrusion-detection switch 1 module 2 data-port 2 capture allowed-vlan CCCCCC

intrusion-detection switch 2 module 2 data-port 1 capture allowed-vlan DDDDDD

intrusion-detection switch 2 module 2 data-port 2 capture allowed-vlan EEEEEE

vlan access-map cap 10

match ip address MATCHALL

action forward capture

!