- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IPS - Block vs. Reset vs. Quarantine
Hello, I'm trying to understand what is difference in following actions on IPS signature: Block, Reset, Quarantine. From the user view is traffic blocked in all cases, right? I understand that Quarantine puts IP adres on quarantine list so admins could easily check what is quarantined. But is there some more sophistiated using of these actions?
Thank you Petr
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Block will drop the packets silently, reset will send reset packets whenever an IPS rule is triggered back to the attacker and quarantine will block all future packets from the IP address for X minutes.
I prefer to use block where possible as resets will alert attackers that there is an IPS active.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Block will drop the packets silently, reset will send reset packets whenever an IPS rule is triggered back to the attacker and quarantine will block all future packets from the IP address for X minutes.
I prefer to use block where possible as resets will alert attackers that there is an IPS active.