|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [ISSForum] Re: Could RSKILL cause problems on a switch ?
issforum-admin
iss.net
Date: Wed Jul 02 2003 - 11:54:00 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I'm sure there are more qualified people that could help, but an RSKILL is simply a TCP Reset that is sent to both systems...the system which is being targeted and the system which sent the offending packet. All this does is break the TCP connection so that a connection cannot be established and it hopes to prevent any further damage. The RS sensor should do this every time an offending packet is sent, and one of your signatures catches the event. I am unsure whether it would affect your other inline equipment but it doesn't seem likely.
I hope that helps.
Paul
-----Original Message-----
From: issforum-adminiss.net [mailto:issforum-adminiss.net]
Sent: Wednesday, July 02, 2003 12:37 PM
To: ISSForumiss.net
Cc: Mohamed HAMOUCH
Subject: [ISSForum] Re: Could RSKILL cause problems on a switch ?
Forgot to say that we're using a Nokia IP 330 appliance as a network sensor version 6.5 .
./Mohamed.
Mohamed HAMOUCH
mohamed.hamouch (at) cgey.com
----- Original Message -----
From: Mohamed HAMOUCH <mailto:Mohamed.Hamouchcgey.com>
To: ISSForumiss.net
Cc: Mohamed HAMOUCH <mailto:Mohamed.Hamouchcgey.com>
Sent: Wednesday, July 02, 2003 4:27 PM
Subject: Could RSKILL cause problems on a switch ?
Hi all,
I'd like to know if enabling RSKILL could cause some trouble to active network equipements mainly switches (cisco) ?
How does RSKILL work ? Does it block only the tcp connection which trigger the signature or all the traffic to the attacked host ?
We encounter a strange problem on our platform and we think that it's caused by the RSKILL that we just activate for testing matter.
As as we enabled the RSKILL and test it by establishing the connection that trigger the signature, the switch ( that is connected to the machine to which we send the attack) does not respond and all the machines behind this switch are not reacheable (they seem to be down because the switch is no longer alive in term of network ).
We want to know if RSKILL could be behind this problem or it's just a concidence. It's really strange if it can cause all this kind of trouble.
Network sensor ------- cisco hub_1 -------cisco switch_1 ---- cisco router ------ cisco switch_2 ---- machine
NB: machine: the machine againt which RSKILL is tested
cisco switch_2 : is the switch which deos not respond (off in term of network)
Any help could be so appreciated.
Best Regards,
./Mohamed.
_______________________________________________
ISSForum mailing list
ISSForumiss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
- application/ms-tnef attachment: winmail.dat
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]