Which IDS guideline should be followed, according to SAFE SMR?
A.
use UDP resets more often than shunning, because UDP traffic is more difficult to spoof
B.
use TCP resets more often than shunning, because TCP traffic is more difficult to spoof
C.
use TCP resets no longer than 15 minutes
D.
use UDP resets no longer than 15 minutes
Explanation:
Because TCP traffic is more difficult to spoof, you should consider using TCP resets more often than shunning – TCP resets operate only on TCP traffic and terminate an active attack by sending a TCP reset to both the attacker and the attacked host.
Reference: Cisco Courseware p.3-27