IDS TCP reset

mjbriggs
Level 1

Could anyone answer a fairly basic question I got in the SAFE exam recently?

Is the TCP reset sent to the attacking host or is it sent to both the attacking and attacked hosts? My books on IDS seem to be providing conflicting information.

Cheers

Mike

The original Cisco sensors sent the TCP Reset to only the attacking host.

However, later versions of Cisco sensors now send TCP Resets to both the attacker and the victim to allow for a better chance at shutting down the connection.

So the conflict probably originates with which version of the Cisco sensor the writers were most familiar with.

Since SAFE came out after the change had already been made to the sensors, the SAFE exam would most likely be expecting an answer of "sent to both the attacking and attacked hosts".
