
New Member

Configure Blocking sensor and Blocking IOS router

Hi all,

For a new installation, what default blocking actions are taken? What do you configure at the Blocking sensor or the IOS router?

For your assistance, pls. Thank you.

  • Other Security Subjects
5 REPLIES
Cisco Employee

Re: Configure Blocking sensor and Blocking IOS router

The default is not to perform blocking. I am not sure how to answer your second question. The configuration actions depend on what you are trying to accomplish, and on how the router is currently configured. Can you be more specific?

New Member

Re: Configure Blocking sensor and Blocking IOS router

Using the current signature file downloaded from Cisco, what do we usually configure at the Blocking sensor or Blocking IOS router?

Do we wait for an attack... then when we get a notification from the log... then we block the attack?

Cisco Employee

Re: Configure Blocking sensor and Blocking IOS router

Through the Director or CSPM, Sensors can be configured to use Cisco routers to shun hosts and networks, which is called BLOCKING or SHUNNING.

Blocking is not configured by default; you have to configure it if you need it. Blocking (or shunning) dynamically puts an ACL on the router if you detect a certain signature.

You can configure the IDS to perform response actions upon the firing of an alarm. These response actions include shunning on routers, firewalls, and switches; TCP resets; and IP session logging.

Some URLs:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids6/12216_02.htm#34965

http://www.cisco.com/warp/public/707/shunning_director.html

HTH

R/Yusuf

New Member

Re: Configure Blocking sensor and Blocking IOS router

Hi,

Sorry, I am not able to do any testing now.

Just saw a red indication LED on my IDS-4230 beside the hard disk icon...

Tried to telnet IDS but failed.... tried to console to IDS...hung... Then tried to reset the IDS..

Console Message:

---------------

Autobooting from bootpath: /pci@0,0/pci-ide@12,1/ide@0/cmdk@0,0:a

If the system hardware has changed, or to boot from a different device, interrupt the autoboot process by pressing ESC.

Initialing system

Please wait...

Booting CSIDS

SunOS Release 5.8 Version Generic_108529-05 32-bit

Copyright 1983-2000 Sun Microsystems, Inc. All rights reservered.

Got hung there.....

Think something is wrong with the IDS OS.

Pls assist

Cisco Employee

Re: Configure Blocking sensor and Blocking IOS router

Looks like the IDS OS is corrupt and won't come up. You need to rebuild the IDS using the Recovery CD that came with the box. Note that this will erase everything, of course, and you need to do sysconfig-sensor to initialize it again.

HTH

R/Yusuf
