If you experience unwanted traffic from a specific IP address, how can you stop it most quickly?
A.
Check anti-spoofing settings
B.
Configure a rule to block the address
C.
Create a SAM rule
D.
Activate an IPS protection
If you experience unwanted traffic from a specific IP address, how can you stop it most quickly?
If you experience unwanted traffic from a specific IP address, how can you stop it most quickly?
SAM stands for Suspicious Activity Monitoring and originally allows an Intrusion Detection System (IDS) to tell the firewall to block a source IP that was attacking in real time.
With the advent of in-line IPS systems you don’t see this feature used much anymore since the separate IPS system or IPS blade can directly block the malicious traffic unlike an IDS which was just monitoring traffic on a mirror/SPAN port.