Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
0
Helpful
5
Replies

Configure Blocking sensor and Blocking IOS router

wongks
Level 1
Level 1

‎06-21-2002 02:07 AM - edited ‎03-08-2019 11:04 PM

Hi all,

For a new installation, what default blocking actions are taken? What do you configure at the Blocking sensor or the IOS router?

For your assistance, pls. Thank you.

Labels:
0 Helpful
5 Replies 5

stleary
Cisco Employee
Cisco Employee

‎06-21-2002 06:15 AM

The default is not to perform blocking. I am not sure how to answer

your second question. The configuration actions depend on what you

are trying to accomplish, and on how the router is currently configured.

Can you be more specific?

0 Helpful

wongks
Level 1
Level 1
In response to stleary

‎06-21-2002 08:20 AM

Using the current signature file downloaded from Cisco, what do we usually configure at the Blocking sensor or Blocking IOS router.

Do we wait for a attack.... then when we got a notification from the log.. then we block the attack?

0 Helpful

yusuff
Cisco Employee
Cisco Employee
In response to wongks

‎06-21-2002 10:19 PM

Through the Director or CSPM, Sensors can be configured to use Cisco routers to shun hosts and networks which is called BLOCKING or SHUNNING.

Blocking is not configured by default, you have to if you need it. Blocking (or shunning) dynamically puts an ACL on the router if you detect a certain signature.

You can configure the IDS to perform response actions upon the firing of an alarm. These response actions include shunning on routers, firewalls, and switches; TCP resets; and, IP session logging

Some URLs;

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids6/12216_02.htm#34965

http://www.cisco.com/warp/public/707/shunning_director.html

HTH

R/Yusuf

0 Helpful

wongks
Level 1
Level 1
In response to yusuff

‎06-21-2002 11:46 PM

Hi,

Sorry i am not able to do any testing now.

Just saw a red indication LED on my IDS-4230 beside the harddisk icon...

Tried to telnet IDS but failed.... tried to console to IDS...hung... Then tried to reset the IDS..

Console Message:

---------------

Autobooting from bootpath: /pci@0,0/pci-ide@12,1/ide@0/cmdk@0,0:a

If the system hardware has changed, or to boot from a different device, interrupt the autoboot process by pressing ESC.

Initialing system

Please wait...

Booting CSIDS

SunOS Release 5.8 Version Generic_108529-05 32-bit

Copyright 1983-2000 Sun Microsystems, Inc. All rights reservered.

Got hung there.....

Think something is wrong with the IDS OS.

Pls assist

0 Helpful

yusuff
Cisco Employee
Cisco Employee
In response to wongks

‎06-22-2002 12:36 AM

Looks like the IDS OS is corrupt and won't come up. You need to rebuild the IDS using the Recovery CD that came with the box. Note that this will erase everything ofcourse, and you need to do sysconfig-sensor to initialize it again.

HTH

R/Yusuf

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents