TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
RS Network Sensor kills are TCP RST packets.
They have to have a persistant TCP Session to be able to Kill the session.
In most cases port scan activity is either so quick that a TCP RST cannot
effectively kill the session even though a RST is legal, OR the protocols
being employed are non-TCP based, such as UDP, or ICMP and there is not a
persistent session to "Kill"
Pat Becker
Sr. Researcher - ISS X-Force
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Friday, October 06, 2000 3:56 AM
To: [EMAIL PROTECTED]
Subject: Kill scans with RS?
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Hi,
I use RS 3.2 to kill scans, but as I saw it can't do
anything with nmap.
I used nmap-2.53 to scan our hosts, and got every
informations what I needed.
So, what is that feature in RS, to kill Nmap_Scans,
Port_Scans, etc.? Just a PR "feature", or can anybody
use this successfully against scanners?
Thanks in advance!
Regards,
Istvan
