From: Steven Richards (SRichard_at_netscreen.com)
Date: Tue Jan 28 2003 - 22:35:48 CST
The NetScreen IDS (IDP-100 & IDP-500) is capable of the following actions
when a rule is matched:
- none (take no action)
- ignore (ignore the rest of the flow)
- drop packet (drop the offending packet into bit bucket)
- drop connection (drop session into bit bucket)
- close client & server (drop session into bit bucket and send reset to
both)
- close client (drop session into bit bucket and send reset to client)
- close server (drop session into bit bucket and send reset to server)
All of the above actions are available in an inline deployment but the 'drop'
portions are not available in a "sniffer-based" deployment.
Just wanted to clarify...
no judgements from the vendor corner here on what is better or not.
Regards,
Steve Richards
Sr. Systems Engineer
NetScreen - Chicago
>
>Ralph
>
>
>I agree! Most security experts I have spoken to agree with you
>as well. However, NetScreen IDS features TCP reset as a major
>feature of their product and sell prospective customers on it.
>I don't get it personally but we were forced to implement and
>support it just to match the feature for those customers who
>demanded it.
>
>
>alan
>
>
>Alan Shimel
>VP of Sales & Business Development
>Latis Networks, Inc.
>>