04-09-2007 07:11 PM - edited 03-10-2019 03:33 AM
Hi there,
Is the IDSM capable of blocking host and network by itself through manual blocking. Or is it just capable of sending the blocks to its managed devices. Thanks
04-13-2007 06:12 AM
The IDSM is capable of blocking host and network by itself through manual blocking
04-15-2007 05:31 PM
Thanks,
This is what I did, from the IDM I configured a certain IP address to be blocked. Monitoring > Active Host Block > Add.
I specified the IP address to be blocked inline, but the continuous ping still succeeds, http and ftp still works. Is there something missing from my configuration. I enabled blocking of course...
04-15-2007 09:08 PM
There is a confusion in terms.
Blocking refers to the sensor's ability to create ACLs or Shun lists on other devices.
It requires that you setup the sensor to connect to that other device.
Denying on the other hand refers to the sensor's ability to be deployed InLine and for the sensor itself to drop the offending packets.
The Host Blocking panel is only for the Blocking feature. The Host Blocking panel does not control what an InLine Sensor will "Deny".
At this time the sensor does not support the user manually adding IP Addresses to the sensor's Denied Attacker list.
User's may view the current list, clear counters for the list, or remove attacker ip addresses from the list. But may not manually add addresses to the list.
Addresses are added to the Denied Attacker list Only when signatures are triggered with one of the deny-attacker-.... event actions.
You can view the Denied Attacker List through IDM:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids13/idmguide/dmmntr.htm#wp1029926
The Deny Actions do require that the sensor be deployed InLine and will not work on sensor's deployed Promiscuously.
04-15-2007 09:40 PM
Ok thanks, so that means I cannot manually block hosts inline using the host blocking feature. Thanks for the clarification.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: