Cisco Cisco Traffic Anomaly Detector XT 5600A Guía De Información
the RST packet with the bad acknowledgment number, it authenticates the connection
and does not interfere with the next connection. The main caveat in this solution is
that some firewalls silently drop the badly−numbered ACK even though this is not
RFC compliant. n order to provide a solution in such cases, if the Guard receives a
second SYN packet from the same source within 4 seconds of the first, with no RST
in between, the second SYN is treated in the same way as it is treated in the Reset
method.
and does not interfere with the next connection. The main caveat in this solution is
that some firewalls silently drop the badly−numbered ACK even though this is not
RFC compliant. n order to provide a solution in such cases, if the Guard receives a
second SYN packet from the same source within 4 seconds of the first, with no RST
in between, the second SYN is treated in the same way as it is treated in the Reset
method.
Q. After an upgrade I receive the "Can't connect to management module;
SYSTEM IS NOT FULLY OPERATIONAL: Connection refused Can't write
to socket" error message. How do I fix this?
SYSTEM IS NOT FULLY OPERATIONAL: Connection refused Can't write
to socket" error message. How do I fix this?
A. In addition to the
Can't connect to management module; SYSTEM IS
NOT FULLY OPERATIONAL: Connection refused Can't write to
socket
error message, this error is generated when you reboot:
myguard@GUARDUS#reboot
Are you sure? Type 'yes' to reboot
yes
sh: /sbin/reboot: Input/output error
myguard@GUARDUS#
myguard@GUARDUS#show diagnostic−info
Can't connect to managment module; SYSTEM IS NOT FULLY OPERATIONAL:
Connection refused
Can't write to socket
Management module is busy. Please try again in 10 seconds
Failed to get counters
myguard@GUARDUS#
myguard@GUARDUS#
Message from syslogd@GUARDUS at Sun Sep 19 17:38:51 2004 ...
GUARD−US RHWatchdog: RHWatchdog: subsystem failure − CM
This looks like a file system error on the guard. In order to solve the FS errors, reboot the
guard and watch the fsck process closely. If you get into single user mode, issue the fsck −y /
command to request a manual run of fsck.
guard and watch the fsck process closely. If you get into single user mode, issue the fsck −y /
command to request a manual run of fsck.
Q. When I configure a Zone using the default template, I am unable to
find the HTTP policy template under the zone when I issue the "show
policies" command. I see every other policy template except for HTTP.
How can I find it?
find the HTTP policy template under the zone when I issue the "show
policies" command. I see every other policy template except for HTTP.
How can I find it?
A. The default policy is available when you issue the wr t | command and include HTTP.
This shows you something similar to policy−template http −1 10.0 enabled. The Cisco
Traffic Anomaly Detector and Guard then looks at traffic that is based on the threshold form
that the HTTP policy is based on.
This shows you something similar to policy−template http −1 10.0 enabled. The Cisco
Traffic Anomaly Detector and Guard then looks at traffic that is based on the threshold form
that the HTTP policy is based on.
Q. How do I perform root user password recovery?
A. Refer to Cisco Guard and Traffic Anomaly Detector Password Recovery for instructions
on root user password recovery.
on root user password recovery.