IPS - Block vs. Reset vs. Quarantine

Forum|Forum|8 years ago
August 21, 2017
1 reply
21382 views

Hello, I'm trying to understand what is difference in following actions on IPS signature: Block, Reset, Quarantine. From the user view is traffic blocked in all cases, right? I understand that Quarantine puts IP adres on quarantine list so admins could easily check what is quarantined. But is there some more sophistiated using of these actions?

Thank you Petr

Best answer by neonbit

Block will drop the packets silently, reset will send reset packets whenever an IPS rule is triggered back to the attacker and quarantine will block all future packets from the IP address for X minutes.

I prefer to use block where possible as resets will alert attackers that there is an IPS active.

neonbitAnswer

New Member

Block will drop the packets silently, reset will send reset packets whenever an IPS rule is triggered back to the attacker and quarantine will block all future packets from the IP address for X minutes.

I prefer to use block where possible as resets will alert attackers that there is an IPS active.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded