Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IDS TCP reset

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: IDS TCP reset

The original Cisco sensors sent the TCP Reset to only the attacking host.

However, later versions of Cisco sensors now send TCP Resets to both the attacker and the victim to allow for a better chance at shutting down the connection.

So the conflict probably originates with which version of the Cisco sensor the writers were most familiar with.

Since SAFE came out after the change had already been made to the sensors, the SAFE exam would most likely be expecting an answer of "sent to both the atacking and attacked hosts".

2 REPLIES
New Member

Re: IDS TCP reset

Could anyone answer a fairly basic question I got in the SAFE exam recently ?

Is the TCP reset sent to the attacking host or is it sent to both the attacking and attacked hosts ? My books on IDS seem to be providing conflicting information .

Cheers

Mike

Cisco Employee

Re: IDS TCP reset

The original Cisco sensors sent the TCP Reset to only the attacking host.

However, later versions of Cisco sensors now send TCP Resets to both the attacker and the victim to allow for a better chance at shutting down the connection.

So the conflict probably originates with which version of the Cisco sensor the writers were most familiar with.

Since SAFE came out after the change had already been made to the sensors, the SAFE exam would most likely be expecting an answer of "sent to both the atacking and attacked hosts".

123
Views
0
Helpful
2
Replies
CreatePlease login to create content