Why might the IDS send RSTs to the attacker and victim host?
An IDS might send TCP RST packets to both the attacker and the victim after detecting malicious traffic, such as an established SubSeven connection. A few IDS products provide this kind of session disruption, but for this discussion I will focus on Snort, a lightweight network intrusion detection system that runs on several platforms. When Snort is configured with the Flexresp feature, it provides session disruption. Flexresp allows Snort to respond to an attack automatically if the corresponding option is specified in the Snort rule.

To enable active response on Unix, Snort must be compiled with Flexresp enabled, as shown below.

./configure --enable-flexresp

When installing on a Win32 system, Flexresp is enabled by selecting the Snort +FlexResp option, as shown in Fig 1.1.
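An added example, not part of the original answer: a short Python audit that lists which rules in a ruleset carry the Flexresp resp option and which endpoint would receive each response. The sample rules are constructed for illustration, the resp modifier names are those documented in the Snort manual, and the function and variable names are assumptions of this example.

```python
import re

# Flexresp "resp" modifiers -> (response, recipients); sender = source of the matching packet.
RESP_MODIFIERS = {
    "rst_snd": ("TCP RST", ("sender",)),
    "rst_rcv": ("TCP RST", ("receiver",)),
    "rst_all": ("TCP RST", ("sender", "receiver")),
    "icmp_net": ("ICMP net unreachable", ("sender",)),
    "icmp_host": ("ICMP host unreachable", ("sender",)),
    "icmp_port": ("ICMP port unreachable", ("sender",)),
    "icmp_all": ("ICMP net/host/port unreachable", ("sender",)),
}
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
# Constructed sample rules for illustration, not taken from any shipped ruleset.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg:"constructed: SubSeven port, reset both ends"; flags:A+; resp:rst_all;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"constructed: reset sender only"; resp:rst_snd,icmp_host;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed: alert only, mentions resp:rst_all in text"; content:"x";)
'''

def audit_active_response(rules_text):
    """Return one entry per rule that carries a resp option."""
    findings = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "(" not in line:
            continue
        header, options = line.split("(", 1)
        fields = header.split()
        if len(fields) != 7:
            continue  # expected: action proto src sport direction dst dport
        _action, _proto, src, sport, _direction, dst, dport = fields
        msg = re.search(r'msg\s*:\s*"((?:\\.|[^"\\])*)"', options)
        # Blank out quoted strings so "resp:" inside msg or content cannot match.
        bare = QUOTED.sub('""', options)
        resp = re.search(r'(?:^|;)\s*resp\s*:\s*([^;]+);', bare)
        if not resp:
            continue
        endpoints = {"sender": f"{src}:{sport}", "receiver": f"{dst}:{dport}"}
        responses = []
        for modifier in (m.strip() for m in resp.group(1).split(",")):
            kind, recipients = RESP_MODIFIERS[modifier]  # KeyError flags a typo in the rule
            responses += [(kind, endpoints[r]) for r in recipients]
        findings.append({"msg": msg.group(1) if msg else "", "responses": responses})
    return findings

if __name__ == "__main__":
    for f in audit_active_response(SAMPLE_RULES):
        print(f["msg"], "->", f["responses"])
```

Only the first sample rule uses rst_all, the modifier that produces the behaviour the question asks about: a reset sent to both ends of the connection.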