10/100 Port Aggregator Tap

Active Response Tap FAQs

Q: What types of active responses are supported?

A: With an Active Response Dual Port Aggregator Tap, an administrator can transmit any type of Ethernet packet back into the original link, supporting all common types of active responses generated by intrusion detection systems, and by intrusion prevention systems deployed in passive mode. The most common response types are TCP resets and firewall rule changes. While the Tap can support both types of responses, we advocate extreme caution in dynamically updating firewall rules due to the risk of disabling network services. Because most firewalls are managed out-of-band, however, it is unlikely that the Regeneration Tap will be part of a rule change scenario.

Q: How are collisions avoided when active responses are transmitted back into the original link?

A: On each side of the full-duplex link, there is a small buffer for traffic arriving from the network, and another small buffer for active response traffic arriving from the monitoring device. Traffic is released from this buffer pair on a first-in, first-out basis. If both sides of the buffer are empty and a packet originating from the monitoring device and a packet originating from the network arrive at the same time, priority is given to the network packet.
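The release rule described above can be modelled for one direction of the link. This is an added sketch, not code from the Net Optics manual, and it shows how long an injected response can wait behind network traffic. The store-and-forward timing model, the 100 Mbps rate, the frame sizes and all names are assumptions.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    arrival_us: float  # time the frame is fully in its buffer (assumed model)
    source: str        # "network" or "monitor"
    size_bytes: int    # Ethernet frame size including FCS
    label: str

def wire_time_us(size_bytes, link_mbps=100):
    # Frame plus 8-byte preamble and 12-byte inter-frame gap on the wire.
    return (size_bytes + 20) * 8 / link_mbps

def release_order(frames, link_mbps=100):
    """Return [(label, start_us, queued_us)] in the order frames leave the tap."""
    by_time = lambda f: f.arrival_us
    net = deque(sorted((f for f in frames if f.source == "network"), key=by_time))
    mon = deque(sorted((f for f in frames if f.source == "monitor"), key=by_time))
    link_free = 0.0
    released = []
    while net or mon:
        # First-in, first-out across the buffer pair: the older head goes next.
        # Equal arrival times are resolved in favour of the network frame.
        if net and (not mon or net[0].arrival_us <= mon[0].arrival_us):
            frame = net.popleft()
        else:
            frame = mon.popleft()
        start = max(frame.arrival_us, link_free)  # wait until the link is idle
        link_free = start + wire_time_us(frame.size_bytes, link_mbps)
        released.append((frame.label, start, start - frame.arrival_us))
    return released

# Constructed sample: two full-size network frames and two 64-byte responses.
SAMPLE = [
    Frame(0.0, "monitor", 64, "rst-1"),
    Frame(0.0, "network", 1518, "net-A"),
    Frame(50.0, "network", 1518, "net-B"),
    Frame(300.0, "monitor", 64, "rst-2"),
]

if __name__ == "__main__":
    for label, start, queued in release_order(SAMPLE):
        print(f"{label}: sent at {start:.2f} us after queuing {queued:.2f} us")
```

In this model the response that ties with a full-size network frame is held for that frame's whole transmission time, while a response arriving on an idle link is sent immediately.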

Net Optics PAD-CU-AR, PA-CU-AR manual Active Response Tap FAQs, What types of active responses are supported?