The original term was shunning, but because the term confused overseas customers it was renamed to blocking.
Blocking is the feature in Cisco IDS where the sensor opens a telnet or SSH session to a router, switch, or firewall that the user has designated. The sensor then creates an ACL on the router or switch that denies the IP address of the attacking host, or, in the case of the PIX firewall, runs the firewall's own shun command to deny the attacker's IP address.
All Cisco IDS versions support blocking.
For version 4.x sensors refer to the following areas of the configuration guide:
With blocking (shunning), the sensor connects to and reconfigures another network device, and it is that device that performs the deny.
Some other IDS vendors have also implemented the ability for the IDS itself to drop or deny the offending packet without relying on another networking device. This feature is not implemented in version 4.x or earlier versions of Cisco IDS.
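As an added illustration (not from the original page or Cisco's documentation), this is what the two kinds of block described above look like on the managed device once the sensor has logged in and pushed them. The attacker address 192.0.2.77, the ACL number 199 and the interface name are assumed for the example.

```text
! --- Cisco IOS router or switch: the sensor writes an ACL that denies the
! attacking host and binds it inbound on the designated interface.
access-list 199 remark blocking entry written by the IDS sensor (example)
access-list 199 deny   ip host 192.0.2.77 any
access-list 199 permit ip any any
!
interface FastEthernet0/0
 ip access-group 199 in

! --- Cisco PIX firewall: no ACL is written; the sensor runs the firewall's
! own shun command, and removes it when the block expires.
shun 192.0.2.77
no shun 192.0.2.77
```

Two checks worth making before enabling blocking: the sensor's login to the device needs its own credentials and a reachable telnet/SSH path, and the ACL the sensor binds to the interface takes the place of whatever ACL was bound there, so any existing interface ACL must be accounted for rather than silently replaced. Also make sure the sensor's own address and the management hosts can never end up as the denied host, since a spoofed source address in an attack would otherwise let an attacker use the sensor to cut off its own management path.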