Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Detect attack man in the middle with IDS/IPS

Hi,

I have aip-ssm 20, IPS Version 7.0(6)E4

The ID  signature 7101, 7102, 7104 and 7105 is used for detecting attack arp poison.

The sensor works as IDS in promiscuous mode. All traffic is fordwared to sensor.

I have made attack man in the middle with cain & abel but sensor doesn't send alarm. I attach image with signatures.

Why don't sensor detect attack? The network is in zone inside.

Can anybody help me, please?

2 REPLIES
Cisco Employee

Detect attack man in the middle with IDS/IPS

Did you check if SSM is getting those packets by running "packet display .." command on the sensing interface. In SSM the ARP packets would not be forwarded by ASA to the SSM.

thx

Madhu

New Member

Detect attack man in the middle with IDS/IPS

Couldn't the sensor detect this kind of attack?

desn`t the signature work  with aip-ssm?

Thx.

780
Views
0
Helpful
2
Replies
CreatePlease to create content