I have a question regarding blocking or sending a reset.
Is there any hard and fast rule with regards to choosing whether to block or send a reset>?
What I mean is for instance
1. For a signature that uses an ATOMIC.TCP or ATOMIC.UDP engine, do you block or reset or both.
2. For a signature that use the STRING.TCP or STRING.UDP, do you block, reset or both
Is there a list of recommend actions one should take following the receiving of an event if you where considering more than just logging?