Created on 08-18-2008 06:59 PM
Created on 09-02-2008 09:29 AM
It's hard to figure out what action to use with what rule. I thought that with 'drop session' I would be safe in most cases? Or is 'clear session' better? Or are there rules where these would have no effect?

In general, if you are in-line, you want to avoid using any of the ones that sends a reset (RST) packet. That can be detected at the origin and it can potentially DoS your own connection. (If I know you send RSTs, I can flood you with bad traffic and the RST packets will clog your pipe.) RST is the only way you can block if you are doing passive monitoring (not in-line), and even that isn't 100% effective and can DoS your own network. It is best to drop the packet or session. This causes the offending packet(s) to simply disappear, which is preferable as it cannot be detected (easily) at the origin. Dropping the packet or session also can slow down automated scanners and worms.
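As an added illustration (not code from the thread or from Fortinet): a small defender-side audit that scans tcpdump-style lines from a tap or SPAN port and counts flows where a payload packet was answered with a RST within a short window. That pattern is the trace a reset action leaves on the wire, so a rising count from one host is a sign your sensor is sending RSTs (or being fed junk to make it send them); the capture lines and the 50 ms window are constructed assumptions.

```python
"""Constructed check: find flows where pushed data was answered by a RST."""
import re
from collections import Counter

# Matches the subset of tcpdump output used in the constructed sample below.
LINE = re.compile(
    r"^(?P<ts>[\d:.]+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def parse(line):
    """Return (seconds, (src_ip, sport), (dst_ip, dport), flags) or None."""
    m = LINE.match(line)
    if not m:
        return None
    h, mi, s = m["ts"].split(":")
    t = int(h) * 3600 + int(mi) * 60 + float(s)
    return t, (m["src"], int(m["sport"])), (m["dst"], int(m["dport"])), m["flags"]

def rst_after_payload(lines, window=0.050):
    """Count, per (ip, port) that sent the RST, resets that followed a
    payload ('P') packet on the same flow within `window` seconds.
    A drop action leaves nothing here; the client just times out."""
    last_payload = {}                # flow key -> time of last pushed data
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        t, src, dst, flags = rec
        key = frozenset((src, dst))  # direction-agnostic flow key
        if "P" in flags:
            last_payload[key] = t
        elif "R" in flags and key in last_payload:
            if t - last_payload[key] <= window:
                hits[src] += 1       # src is the side that answered with RST
    return hits

# Constructed capture: flow 40001 gets a RST right after its data (reset
# action); flow 40002 ends normally with a FIN and must not be counted.
CAPTURE = """\
10:00:01.000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 1
10:00:01.010 IP 192.0.2.10.80 > 198.51.100.7.40001: Flags [S.], seq 2, ack 2
10:00:01.020 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [P.], seq 2:90, ack 3
10:00:01.021 IP 192.0.2.10.80 > 198.51.100.7.40001: Flags [R], seq 3
10:00:02.000 IP 198.51.100.7.40002 > 192.0.2.10.80: Flags [S], seq 1
10:00:02.010 IP 192.0.2.10.80 > 198.51.100.7.40002: Flags [S.], seq 2, ack 2
10:00:02.020 IP 198.51.100.7.40002 > 192.0.2.10.80: Flags [P.], seq 2:90, ack 3
10:00:02.500 IP 192.0.2.10.80 > 198.51.100.7.40002: Flags [F.], seq 3, ack 90
""".splitlines()

if __name__ == "__main__":
    print(dict(rst_after_payload(CAPTURE)))  # {('192.0.2.10', 80): 1}
```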
Created on 09-06-2008 01:37 AM
Copyright 2024 Fortinet, Inc. All Rights Reserved.