10-07-2018 01:59 PM
Under threats logs i see type as :
type vulnerability action - reset both-----------sev is high
does this mean that if it is DNS query traffic this will time out the traffic?
Threat ID here is 54122
type spyware action is drop --------------sev is drop
as name says it will drop the traffic right?
so if server is doing dns query to dns server how the action reset both and drop works?
Regards
Mike
10-07-2018 07:54 PM
"does this mean that if it is DNS query traffic this will time out the traffic?
Threat ID here is 54122" (54122 isn't showing as a valid Vulnerability signature btw)
If the action is reset-both a reset will be sent to both the Source and Destination; essentially the firewall lets the devices know that it's closing the connection. With DNS traffic I'm not positive that will really matter, since the DNS request doesn't get a result it'll probably simply look like the traffic timed-out from the client side of things.
as name says it will drop the traffic right?
Correct, nothing is sent to the client or the server and the connection is simply dropped on the firewall.
so if server is doing dns query to dns server how the action reset both and drop works?
Specific to DNS queries I believe that either method will visually look the same. Since the client never gets a valid response it should show that it aged_out without a response from the client side of things.
10-08-2018 07:45 PM
If the traffic is being reset the DNS request wouldn't recieve a response from the DNS server.
10-07-2018 07:54 PM
"does this mean that if it is DNS query traffic this will time out the traffic?
Threat ID here is 54122" (54122 isn't showing as a valid Vulnerability signature btw)
If the action is reset-both a reset will be sent to both the Source and Destination; essentially the firewall lets the devices know that it's closing the connection. With DNS traffic I'm not positive that will really matter, since the DNS request doesn't get a result it'll probably simply look like the traffic timed-out from the client side of things.
as name says it will drop the traffic right?
Correct, nothing is sent to the client or the server and the connection is simply dropped on the firewall.
so if server is doing dns query to dns server how the action reset both and drop works?
Specific to DNS queries I believe that either method will visually look the same. Since the client never gets a valid response it should show that it aged_out without a response from the client side of things.
10-07-2018 11:08 PM
it is always pleasure to read reply from you.
Can you please explain --
since the DNS request doesn't get a result ?
10-08-2018 07:45 PM
If the traffic is being reset the DNS request wouldn't recieve a response from the DNS server.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
