[ISSForum] RSKill on VLAN

[pramote.sr@xxxxxxxxxxxxxxxx]

Dear ALL
Could you please verify this configuration??
I have problem about How to sent RSKill to switch with seperate to 5 VLAN
I know that IDS not support to sent RSKill on VLAN switch
but I think it possible ask ISS implementer He told me that if it can 
route IDS can sent RSKill

Our configuration
- switch A and B set to stack 
- SW1 have 5 VLAN
- NS have 3 wire (RSKill , monitor ,management)
- RSKill , monitor have been configed to VLAN1
- NS Monitor port can see all traffic on SW A&B 
- VLAN1 can route to all VLAN 

Our LAB Test
- Set custom policy for block ftp_put
- plug notebook in VLAN1 try to use ftp_put and NS can sent RSKill to 
reset connection
- plug notebook in VLAN5 but NS can not sent RSKill

Our solution
- set up ethereal to sniff traffic on notebook VLAN5 . Then try to ftp 
again  I excite that after verify packet 
I can see RST flag that sent to reset source(FTP server) and 
destination(Notebook) with spoof source MAC address 
and real MAC desitnation address (capture on notebook VLAN5)

Our question
- NS can sent RST flag with real MAC address notebook but Why it can not 
reset the connection??? 
- How to config/place/deploy NS to sent RSKill signal to all VLAN ???

Pramote,
KBANK,TH
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.