
Block Ares with AIP-SSM

rretanag099
Level 1

Hi,

One of my customers has the urgent need to block one P2P application named Ares. I searched in the P2P signature database and I found signatures for Kazaa, Gnutella, iMesh, etc., but didn't find any reference to this application.

Any ideas how I can block Ares with an AIP-SSM?

Regards

1 Reply

bwilmoth
Level 5

The AIP SSM can operate in one of two modes:

Inline mode: This mode places the AIP SSM directly in the traffic flow. You must first pass through and be inspected by the AIP SSM before you can continue through the adaptive security appliance.

This mode is the most secure because every packet is analyzed before it is allowed through. Also, the AIP SSM can implement a blocking policy on a packet-by-packet basis. But, this mode can affect throughput. Use the Inline keyword of the ips command in order to specify this mode.

Promiscuous mode: In this mode, a duplicate stream of traffic is sent to the AIP SSM. This mode is less secure. The SSM that operates in promiscuous mode instructs the adaptive security appliance to shun the traffic or resets a connection on the adaptive security appliance in order to block traffic.

Also, while the AIP SSM analyzes the traffic, a small amount of traffic possibly passes through the adaptive security appliance before the AIP SSM can block it. Use the Promiscuous keyword of the ips command in order to specify this mode.
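
The mode selection described in the reply above, as an added example that is not part of the original thread: an ASA service-policy fragment that sends traffic to the AIP SSM with the `ips` command. The ACL, class-map and policy-map names, the "match everything" ACL, and the fail-close/fail-open choices are assumptions made for illustration.

```text
! Added example, not from the original thread.
! IPS_TRAFFIC, IPS_CLASS and the use of global_policy are assumed names.

! Select the traffic to hand to the AIP SSM (here: all IP traffic).
access-list IPS_TRAFFIC extended permit ip any any

class-map IPS_CLASS
 match access-list IPS_TRAFFIC

policy-map global_policy
 class IPS_CLASS
  ! Inline mode: every packet is inspected by the AIP SSM before the ASA
  ! forwards it, so the module can drop on a packet-by-packet basis.
  ! fail-close blocks the matched traffic if the module is unavailable.
  ips inline fail-close
  !
  ! Promiscuous alternative (only one ips line may be active per class):
  ! the module receives a copy of the traffic and can only ask the ASA to
  ! shun or reset, so some packets may pass before the block takes effect.
  ! fail-open lets traffic continue if the module is unavailable.
  ! ips promiscuous fail-open

service-policy global_policy global
```

After applying the policy, `show service-policy` on the ASA reports the configured IPS mode and per-class packet counters, which confirms that traffic is actually reaching the module.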
