> > If this is an IDS that is monitoring an > >egress pipe, how will it do session resets when appropriate?
One more stab from the limb I've gotten myself onto. Can you tell us more about your setup? What is it that you think is going to send a session reset? Are you using Cisco Secure Policy Manager? Cisco Secure Policy Manager can send a TCP reset. Remember TCP is end-to-end. The reset must go to the IP address that appears to be attacking. Assuming that the Policy Manager has a route there and that there are no other routing problems en route, sending a TCP reset should work under most conditions. When you say "egress pipe," however, are you saying it's a one-way pipe, and only traffic leaving the network appears on the pipe? I could imagine that would make it harder to recognize an incoming attack. Perhaps that's not the right port to be monitoring. I may be misunderstanding your question, but just let us know if that's the case. > >Steven Kell Bates >________________________ ________________________ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34565&t=34469 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
