02-07-2012 11:46 AM - edited 03-11-2019 03:25 PM
Hello,
Does anyone know, if an AIP SSM is installed in a Cisco ASA, can it redirect traffic from all the ports to the AIP SSM module for inspection? (inside, dmz, outside)
Recently one of our machines on the inside network got infected with malware and it started an SSH brute-force attack on random hosts on the Internet. I would like to find out, if I have an AIP SSM on my ASA, would it be able to detect such attacks/traffic types from the inside interface and inform me or give an indication that some host on the inside network is infected?
Thank you.
02-07-2012 12:08 PM
Hello,
Does anyone know, if an AIP SSM is installed in a Cisco ASA, can it redirect traffic from all the ports to the AIP SSM module for inspection? (inside, dmz, outside)
A/ Yes. You will need to select which traffic to send to the IPS module; usually you will see an access-list matching all traffic (permit ip any any, so all traffic from all the interfaces will be inspected).
Recently one of our machines on the inside network got infected with malware and it started an SSH brute-force attack on random hosts on the Internet. I would like to find out, if I have an AIP SSM on my ASA, would it be able to detect such attacks/traffic types from the inside interface and inform me or give an indication that some host on the inside network is infected?
A/ The IPS module will be able to inspect that traffic and, based on its signatures or on the behavior of the host, detect the attack, and depending on its configuration (inline or promiscuous mode) it will drop the packet immediately.
Regards,
Julio
Do rate all the helpful posts!!
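The ASA-side configuration the answer above describes, as an added example that is not part of the original thread. The ACL and class-map names are placeholders, and `global_policy` is assumed to be the ASA's default policy map, still applied globally.

```cisco
! Constructed example: IPS_TRAFFIC and IPS_CLASS are placeholder names.
! Match everything, as in the "permit ip any any" access-list from the answer.
access-list IPS_TRAFFIC extended permit ip any any
!
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
! Adding the class to the globally applied policy map covers traffic
! entering every interface (inside, dmz, outside).
policy-map global_policy
 class IPS_CLASS
  ! inline: packets pass through the module before being forwarded.
  ! fail-open: traffic keeps flowing if the module is unavailable;
  ! fail-close would block matched traffic instead.
  ips inline fail-open
  ! Alternative: the module receives a copy of the traffic.
  ! ips promiscuous fail-open
!
! Already present in a default configuration; shown for completeness.
service-policy global_policy global
```

To inspect only part of the traffic, narrow the access-list or apply a separate policy map to a single interface with `service-policy <name> interface <ifname>`.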
02-07-2012 12:45 PM
Thanks Julio!