Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1599
Views
0
Helpful
2
Replies

Detect attack man in the middle with IDS/IPS

emilioj.romero
Level 1
Level 1

‎12-02-2011 03:13 PM - edited ‎03-10-2019 05:33 AM

Hi,

I have aip-ssm 20, IPS Version 7.0(6)E4

The ID  signature 7101, 7102, 7104 and 7105 is used for detecting attack arp poison.

The sensor works as IDS in promiscuous mode. All traffic is fordwared to sensor.

I have made attack man in the middle with cain & abel but sensor doesn't send alarm. I attach image with signatures.

Why don't sensor detect attack? The network is in zone inside.

Can anybody help me, please?

Labels:
Preview file
109 KB
0 Helpful
2 Replies 2

mkodali
Cisco Employee
Cisco Employee

‎12-03-2011 07:34 PM

Did you check if SSM is getting those packets by running "packet display .." command on the sensing interface. In SSM the ARP packets would not be forwarded by ASA to the SSM.

thx

Madhu

0 Helpful

emilioj.romero
Level 1
Level 1
In response to mkodali

‎12-04-2011 04:04 AM

Couldn't the sensor detect this kind of attack?

desn`t the signature work  with aip-ssm?

Thx.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card