I'm sure there are more qualified people that could help, but an RSKILL is simply a TCP Reset that is sent to both systems...the system which is being targeted and the system which sent the offending packet. All this does is break the TCP connection so that a connection cannot be established and it hopes to prevent any further damage. The RS sensor should do this every time an offending packet is sent, and one of your signatures catches the event. I am unsure whether it would affect your other inline equipment but it doesn't seem likely. I hope that helps. Paul
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 02, 2003 12:37 PM To: [EMAIL PROTECTED] Cc: Mohamed HAMOUCH Subject: [ISSForum] Re: Could RSKILL cause problems on a switch ? Forgot to say that we're using a Nokia IP 330 appliance as a network sensor version 6.5 . ./Mohamed. Mohamed HAMOUCH mohamed.hamouch (at) cgey.com ----- Original Message ----- From: Mohamed HAMOUCH <mailto:[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: Mohamed HAMOUCH <mailto:[EMAIL PROTECTED]> Sent: Wednesday, July 02, 2003 4:27 PM Subject: Could RSKILL cause problems on a switch ? Hi all, I'd like to know if enabling RSKILL could cause some trouble to active network equipements mainly switches (cisco) ? How does RSKILL work ? Does it block only the tcp connection which trigger the signature or all the traffic to the attacked host ? We encounter a strange problem on our platform and we think that it's caused by the RSKILL that we just activate for testing matter. As as we enabled the RSKILL and test it by establishing the connection that trigger the signature, the switch ( that is connected to the machine to which we send the attack) does not respond and all the machines behind this switch are not reacheable (they seem to be down because the switch is no longer alive in term of network ). We want to know if RSKILL could be behind this problem or it's just a concidence. It's really strange if it can cause all this kind of trouble. Network sensor ------- cisco hub_1 -------cisco switch_1 ---- cisco router ------ cisco switch_2 ---- machine NB: machine: the machine againt which RSKILL is tested cisco switch_2 : is the switch which deos not respond (off in term of network) Any help could be so appreciated. Best Regards, ./Mohamed.
<<winmail.dat>>
