CISCO IDS
18 years 6 months ago #14365
by shakthi
Hi, I am using a Cisco IDS 4250. I am new to this device. I need to know about blocking in Cisco IDS.
1. How can I know whether blocking is configured or not?
2. If configured, how can I know which device is configured for blocking (switch or PIX)?
3. If it is not configured for blocking, how can I configure my IDS to block traffic by using a PIX firewall?
Please tell me what to do...
Regards.
18 years 6 months ago #14377
by havohej
Replied by havohej on topic Re: CISCO IDS
Hi.
With the shun command on the PIX you can instruct it to work together with the IDS device, so you can filter malicious sources of traffic first by defining an IP flow (layer 3 and 4).
Example: an outside host trying to access a telnet server on the inside.
source outside: 192.168.0.1 (3000)
destination inside: 172.16.0.1 (23)
pix(config)# shun 192.168.0.1 172.16.0.1 3000 23
The PIX deletes the connection from its connection table.
Packets from the outside host will continue to be blocked until the blocking function is removed manually or by the Cisco IDS master unit.
So the IDS dynamically informs the PIX whether or not to block a malicious IP flow with the help of the shun command.
18 years 6 months ago #14391
by shakthi
Replied by shakthi on topic Re: CISCO IDS
Thanks. Everything is OK. But how can I configure my IDS to make the PIX a blocking device? Can you send me the commands?