threat logs - type vulnerability and spyware - Action - reset both and drop

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

threat logs - type vulnerability and spyware - Action - reset both and drop

Cyber Elite
Cyber Elite

 

Under threats logs i see type as :

 

type  vulnerability   action - reset both-----------sev is high

 

does this mean that if it is DNS query traffic this will time out the traffic?

Threat ID here is 54122

 

type  spyware   action is drop --------------sev is drop

 

as name says it will drop the traffic right?

 

so if server is doing dns query to dns server how the action reset both and drop works?

 

Regards

Mike

MP

Help the community: Like helpful comments and mark solutions.
2 accepted solutions

Accepted Solutions

Cyber Elite
Cyber Elite

@MP18,

"does this mean that if it is DNS query traffic this will time out the traffic?

Threat ID here is 54122" (54122 isn't showing as a valid Vulnerability signature btw)

If the action is reset-both a reset will be sent to both the Source and Destination; essentially the firewall lets the devices know that it's closing the connection. With DNS traffic I'm not positive that will really matter, since the DNS request doesn't get a result it'll probably simply look like the traffic timed-out from the client side of things. 

 

as name says it will drop the traffic right?

Correct, nothing is sent to the client or the server and the connection is simply dropped on the firewall. 

 

so if server is doing dns query to dns server how the action reset both and drop works?

Specific to DNS queries I believe that either method will visually look the same. Since the client never gets a valid response it should show that it aged_out without a response from the client side of things. 

View solution in original post

@MP18,

If the traffic is being reset the DNS request wouldn't recieve a response from the DNS server. 

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

@MP18,

"does this mean that if it is DNS query traffic this will time out the traffic?

Threat ID here is 54122" (54122 isn't showing as a valid Vulnerability signature btw)

If the action is reset-both a reset will be sent to both the Source and Destination; essentially the firewall lets the devices know that it's closing the connection. With DNS traffic I'm not positive that will really matter, since the DNS request doesn't get a result it'll probably simply look like the traffic timed-out from the client side of things. 

 

as name says it will drop the traffic right?

Correct, nothing is sent to the client or the server and the connection is simply dropped on the firewall. 

 

so if server is doing dns query to dns server how the action reset both and drop works?

Specific to DNS queries I believe that either method will visually look the same. Since the client never gets a valid response it should show that it aged_out without a response from the client side of things. 

it is always pleasure to read reply from you.

Can you please explain --

 

since the DNS request doesn't get a result ?

MP

Help the community: Like helpful comments and mark solutions.

@MP18,

If the traffic is being reset the DNS request wouldn't recieve a response from the DNS server. 

  • 2 accepted solutions
  • 3427 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!