IDS and Firewall ?

Apr 30th, 2003

I am new to Cisco IDS. Our company already has an IDS blade in the Cat 6509 switch.

We also have a PIX, but I was told that the PIX is vulnerable to the following attacks:

UDP Flood

IP Range Scan


HTTP attacks spanning multiple attacks

1. Can I take care of these with IDS?

2. Can the IDS act like a firewall in case of an attack? or can IDS be used as a firewall in general?



sghosh Thu, 05/01/2003 - 11:26
IDS can help you in detecting these types of attacks, but it does not act like a firewall.

It can do a TCP reset on the session or do shunning (applying an ACL) on the perimeter router to stop certain IP addresses for some types of attacks.




What's the effectiveness of the TCP reset action in the IDS 4210 sensor? I tried configuring many TCP signatures with action = reset. I am getting the alarms in the event viewer, but the session never gets terminated. Can anybody give me an example of simulating any signature with the TCP reset action? I do not want to configure shunning or blocking on PIX/routers.



How is your sensor's sniffing interface connected to the network?

If you are connected to a switch and using SPAN to see the traffic, you need to enable inpkts so that the switch will accept the TCP reset packets from the sensor.

If you do a show port mac for the port the sniffing interface is connected to, you should see the number of packets received going up by 200 every time the sensor sends reset packets.
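A small check for the verification step described in this reply, added here as an example and not part of the original thread: it parses two constructed snapshots of `show port mac` output for the sniffing port and compares the receive-counter delta against the roughly 200 packets per reset action quoted above. The column layout, port number and counter values are constructed assumptions, not captured from a real switch.

```python
import re

# Constructed snapshots of CatOS "show port mac" output for the sensor's
# sniffing port (2/1), taken before and after one signature fired with
# action=reset. Real output has more columns; only the Rcv-Unicast
# column matters for this check.
BEFORE = """Port     Rcv-Unicast          Rcv-Multicast        Rcv-Broadcast
-------- -------------------- -------------------- --------------------
 2/1                     1040                    0                    0
"""
AFTER_OK = BEFORE.replace("1040", "1240")   # 200 RSTs accepted by the switch
AFTER_BAD = BEFORE                          # counter flat: RSTs were dropped

RESETS_PER_ACTION = 200  # packets the reply says to expect per reset action


def rcv_unicast(output, port):
    """Return the Rcv-Unicast counter for `port` from show port mac text."""
    for line in output.splitlines():
        m = re.match(r"\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$", line)
        if m and m.group(1) == port:
            return int(m.group(2))
    raise ValueError(f"port {port} not found in output")


def check_reset_delivery(before, after, port, reset_actions):
    """Compare the receive-counter delta with the number of reset actions.

    Returns (delta, verdict). A delta of zero after an alarm with
    action=reset points at the SPAN session not accepting inbound
    packets (inpkts disabled) rather than at the signature itself.
    """
    delta = rcv_unicast(after, port) - rcv_unicast(before, port)
    expected = reset_actions * RESETS_PER_ACTION
    if delta == 0:
        return delta, "no reset packets reached the switch; check inpkts on the SPAN session"
    if delta >= expected:
        return delta, "resets delivered"
    return delta, "fewer packets than expected; some resets may be dropped"


if __name__ == "__main__":
    for label, after in (("working", AFTER_OK), ("broken", AFTER_BAD)):
        print(label, check_reset_delivery(BEFORE, after, "2/1", 1))
```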

