Hi Piotr

True, but I am trying with promiscuous IPS monitoring. I have set an
alternate interface instead of the promiscuous interface itself. The
alternate interface is put in the same vlan that the attacker and victim
are in. But the TCP reset doesn't reach the attacker and victim, and the TCP
session is not terminated.

In another case, I have configured the promiscuous interface with vlan groups,
and the monitor session destination allows ingress traffic, which is
configured for encapsulation and is configured to add a dot1q tag with vlan
23. The attacker and victim are in vlan 23. But the TCP session is not terminated.

monitor session 1 destination interface f1/0/2 encapsulation ingress dot1q
vlan 23

With regards
Kings

On Tue, Apr 19, 2011 at 5:07 PM, Piotr Matusiak <[email protected]> wrote:

> Hi Kings,
>
> The TCP reset interface that is assigned to a sensing interface has no
> effect in inline interface or inline VLAN pair mode, because TCP resets are
> always sent on the sensing interfaces in those modes.
>
>
> http://www.cisco.com/en/US/docs/security/ips/5.1/configuration/guide/cli/cliInter.html#wp1033177
>
> Regards,
> Piotr
>
>
> 2011/4/18 Kingsley Charles <[email protected]>
>
>> Hi all
>>
>> I tried TCP reset in the following two cases, both of which are failing:
>>
>> 1) An alternate interface is configured for TCP reset. The switch port
>> connected to the alternate interface was put in the same vlan in which the
>> attacker and victim are present. But the TCP reset never reached them.
>>
>> 2) The promiscuous interface is configured for vlan groups, and I
>> have configured the ingress option as follows to tag with vlan 23 to carry the
>> TCP reset. The attacker and victim are in vlan 23. But the TCP reset never
>> reached them.
>>
>> monitor session 1 destination interface f1/0/2 encapsulation ingress dot1q
>> vlan 123
>>
>>
>> Any idea why both are not working?
>>
>> With regards
>> Kings
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and Looking for a Job – check out
>> www.PlatinumPlacement.co
>>
>
>