CISCO IPS 4255

Unanswered Question
Jun 11th, 2009

Hi Friend


I have a Cisco IPS 4255, and I installed all the upgrades that Cisco recommends. So, I set the ARES signature with TCP RESET as the action, but ARES is working without a problem, and I need to stop this traffic. How can I stop the ARES P2P traffic?

I will wait for your answer.

Regards


Rafael Barba

rhermes Fri, 06/12/2009 - 10:35

Is your sensor in-line or sniffing in promiscuous mode? If it is in-line then you can drop the packets instead of sending a TCP Reset. If your sensor is promiscuous, then you need a method of transmitting those resets back into the traffic stream.

r.barba Fri, 06/12/2009 - 13:09

Hi friend, thank you for your answer. My sensor is in in-line mode, and I have configured the signature with both actions.

TCP reset and deny inline packet? Should I change the action to another one? Please tell me which one.


Regards


Rafael Barba

rhermes Fri, 06/12/2009 - 14:40

If your sensor is physically in-line then you only need to drop. Are your ARES signatures firing?

Check your alert log with "show event alert past 01:00" to see the past 1 hour of signature alerts.

r.barba Fri, 06/12/2009 - 16:05

Hi friend.

Thank you for your answer. You know that the ARES signatures are not firing, I do not know why. I am sending 2 pictures: ipslog1.jpg (my signature configuration) and ipslog2.jpg (the action configuration). What must I do in order to fix this issue?

Regards


Rafael Barba



r.barba Wed, 06/24/2009 - 11:43

Hi friend.


Do you have any answer about how I can block ARES with the IPS 4255? I sent you my signature configuration, but I did not receive anything. Could you help me?


Regards


Rafael Barba
