06-21-2002 02:07 AM - edited 03-08-2019 11:04 PM
Hi all,
For a new installation, what default blocking actions are taken? What do you configure at the Blocking sensor or the IOS router?
For your assistance, pls. Thank you.
06-21-2002 06:15 AM
The default is not to perform blocking. I am not sure how to answer your second question. The configuration actions depend on what you are trying to accomplish, and on how the router is currently configured. Can you be more specific?
06-21-2002 08:20 AM
Using the current signature file downloaded from Cisco, what do we usually configure at the Blocking sensor or Blocking IOS router?
Do we wait for an attack.... then when we got a notification from the log.. then we block the attack?
06-21-2002 10:19 PM
Through the Director or CSPM, Sensors can be configured to use Cisco routers to shun hosts and networks, which is called BLOCKING or SHUNNING.
Blocking is not configured by default; you have to configure it if you need it. Blocking (or shunning) dynamically puts an ACL on the router if you detect a certain signature.
You can configure the IDS to perform response actions upon the firing of an alarm. These response actions include shunning on routers, firewalls, and switches; TCP resets; and IP session logging.
Some URLs:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids6/12216_02.htm#34965
http://www.cisco.com/warp/public/707/shunning_director.html
HTH
R/Yusuf
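An added sketch of the behaviour described in the post above (not part of the thread, and not Cisco's code): a sensor-side block manager that turns alarms into router ACL entries only for signatures that were given the block action. The signature IDs, addresses, never-block list, block duration and ACL number are all assumptions made up for the example.

```python
import ipaddress

# Everything below is constructed for illustration: signature IDs, addresses
# (documentation ranges), ACL number and block duration are assumptions.
BLOCK_SIGNATURES = {3001, 3002}   # signatures given the block response action
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/28")]  # e.g. management hosts
BLOCK_SECONDS = 1800              # how long a block stays in place
ACL_NUMBER = 199

SAMPLE_ALARMS = [                 # (time in seconds, signature ID, source)
    (0, 3001, "198.51.100.7"),
    (10, 2004, "198.51.100.8"),   # signature without the block action
    (20, 3002, "192.0.2.5"),      # source on the never-block list
    (100, 3001, "203.0.113.9"),
]

class BlockManager:
    def __init__(self):
        self.active = {}          # blocked source address -> expiry time

    def handle(self, ts, sig_id, src):
        """Return True if this alarm puts a block on its source address."""
        if sig_id not in BLOCK_SIGNATURES:
            return False          # default behaviour: alarm only, no block
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in NEVER_BLOCK):
            return False          # never lock out protected addresses
        self.active[addr] = ts + BLOCK_SECONDS
        return True

    def render_acl(self, now):
        """Drop expired blocks, then return the ACL lines for the router."""
        self.active = {a: t for a, t in self.active.items() if t > now}
        lines = [f"access-list {ACL_NUMBER} deny ip host {a} any"
                 for a in sorted(self.active)]
        return lines + [f"access-list {ACL_NUMBER} permit ip any any"]

def replay(alarms, now):
    """Feed alarms with a timestamp <= now to a fresh manager; return its ACL."""
    mgr = BlockManager()
    for ts, sig_id, src in alarms:
        if ts <= now:
            mgr.handle(ts, sig_id, src)
    return mgr.render_acl(now)

if __name__ == "__main__":
    print("\n".join(replay(SAMPLE_ALARMS, now=200)))
```

The never-block list and the expiry step are the two checks worth keeping in any automated blocking setup: without them a spoofed source or a stale entry can cut off legitimate traffic.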
06-21-2002 11:46 PM
Hi,
Sorry, I am not able to do any testing now.
Just saw a red indication LED on my IDS-4230 beside the harddisk icon...
Tried to telnet IDS but failed.... tried to console to IDS...hung... Then tried to reset the IDS..
Console Message:
---------------
Autobooting from bootpath: /pci@0,0/pci-ide@12,1/ide@0/cmdk@0,0:a
If the system hardware has changed, or to boot from a different device, interrupt the autoboot process by pressing ESC.
Initialing system
Please wait...
Booting CSIDS
SunOS Release 5.8 Version Generic_108529-05 32-bit
Copyright 1983-2000 Sun Microsystems, Inc. All rights reservered.
Got hung there.....
Think something is wrong with the IDS OS.
Pls assist
06-22-2002 12:36 AM
Looks like the IDS OS is corrupt and won't come up. You need to rebuild the IDS using the Recovery CD that came with the box. Note that this will erase everything of course, and you need to do sysconfig-sensor to initialize it again.
HTH
R/Yusuf