- Posts: 4
- Thank you received: 0
CISCO IDS
18 years 7 months ago #14365
by shakthi
Hi i am using cisco ids 4250. I am new to this device. I need to know about blocking in cisco ids.
1.How can i know wheather blocking is configured or not ?
2.If configured how can i know which device is configured for blocking (switch or pix)?
3.If it is not configured for blocking . how can i configure my ids to block traffic by using pix firewall .
Please tell me what to do...
Regards.
1.How can i know wheather blocking is configured or not ?
2.If configured how can i know which device is configured for blocking (switch or pix)?
3.If it is not configured for blocking . how can i configure my ids to block traffic by using pix firewall .
Please tell me what to do...
Regards.
18 years 7 months ago #14377
by havohej
Replied by havohej on topic Re: CISCO IDS
hi.
by the shun command in the pix you can instruct it to work together with the ids device, so you can filter maliciuous sources of traffic first by defining an ip flow (layer 3 and 4).
example: outside host tryng to acces a telnet server in the inside.
source outside: 192.168.0.1 (3000)
destionation inside: 172.16.0.1 (23)
pix(config)# shun 192.168.0.1 172.16.0.1 3000 23
the PIX deletes the connection from its connection table.
Packets from outside host will continue to be blocked until the blocking function is removed manually or by the Cisco IDS master unit.
so the ids informs dynamically to the pix wether or not to block maliciuous ip flow by the help of shun command.
by the shun command in the pix you can instruct it to work together with the ids device, so you can filter maliciuous sources of traffic first by defining an ip flow (layer 3 and 4).
example: outside host tryng to acces a telnet server in the inside.
source outside: 192.168.0.1 (3000)
destionation inside: 172.16.0.1 (23)
pix(config)# shun 192.168.0.1 172.16.0.1 3000 23
the PIX deletes the connection from its connection table.
Packets from outside host will continue to be blocked until the blocking function is removed manually or by the Cisco IDS master unit.
so the ids informs dynamically to the pix wether or not to block maliciuous ip flow by the help of shun command.
18 years 7 months ago #14391
by shakthi
Replied by shakthi on topic Re: CISCO IDS
thanks. Everything is ok. But how can i configure my ids to make pix as a blocking device. Can u send me the commands.
Time to create page: 0.122 seconds