I noticed the default action for the new "NAT Slipstreaming Detection" signatures is set to Alert. How come they are not set to Drop or something else that stops this attack in its tracks? Also, is there a best practice on protecting against attacks, such as this one, in general? Or does it come down to personal/company preference? For example, do I create exceptions on the used Vulnerability Protection profiles and change the action there? Or is there a better way? What would be the best and safest action to use in these cases: Drop, Block IP (client or server?), or Reset [client|server|both]? When do I use Reset client, Reset server or Reset both, and why do I use this instead of Drop or Block IP? I read the documentation about the differences between these actions, but I still don't understand it enough to pick the right action all the time. I'm still thinking in terms of dropping unwanted traffic the old-fashioned way.