Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: CISCO IDS

CISCO IDS 10 years 7 months ago #14365

  • shakthi
  • shakthi's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
Hi i am using cisco ids 4250. I am new to this device. I need to know about blocking in cisco ids.

1.How can i know wheather blocking is configured or not ?
2.If configured how can i know which device is configured for blocking (switch or pix)?
3.If it is not configured for blocking . how can i configure my ids to block traffic by using pix firewall .

Please tell me what to do...

Regards.
The administrator has disabled public write access.

Re: CISCO IDS 10 years 7 months ago #14377

  • havohej
  • havohej's Avatar
  • Offline
  • Distinguished Member
  • Posts: 152
  • Karma: 0
hi.

by the shun command in the pix you can instruct it to work together with the ids device, so you can filter maliciuous sources of traffic first by defining an ip flow (layer 3 and 4).

example: outside host tryng to acces a telnet server in the inside.

source outside: 192.168.0.1 (3000)
destionation inside: 172.16.0.1 (23)

pix(config)# shun 192.168.0.1 172.16.0.1 3000 23


the PIX deletes the connection from its connection table.
Packets from outside host will continue to be blocked until the blocking function is removed manually or by the Cisco IDS master unit.

so the ids informs dynamically to the pix wether or not to block maliciuous ip flow by the help of shun command.
The administrator has disabled public write access.

Re: CISCO IDS 10 years 7 months ago #14391

  • shakthi
  • shakthi's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
thanks. Everything is ok. But how can i configure my ids to make pix as a blocking device. Can u send me the commands.
The administrator has disabled public write access.

Re: CISCO IDS 10 years 7 months ago #14392

  • shakthi
  • shakthi's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
thanks. Everything is ok. But how can i configure my ids to make pix as a blocking device. Can u send me the commands.
The administrator has disabled public write access.
Time to create page: 0.074 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup