01-29-2003 02:44 PM - edited 03-09-2019 01:54 AM
I'm a little confused on the abilities of an IDS sensor 4210. I understand that it can monitor, report and stop attacks based on signatures. What I'm a little misled on is whether the sensor needs to talk to the PIX when an intrusion is detected to shun the attacker, or whether the Sensor itself shuns the attacker without talking to the PIX.
Thank you
01-29-2003 03:31 PM
Since the Sensor is not an inline device, it cannot drop the packets.
The Sensor must be configured to manage a PIX (or router). Then, when a signature is triggered, it sends a shun message to the PIX, which then activates the shun.
01-29-2003 04:15 PM
Thank you for answering my post. I guess my last question would be: when the sensor communicates with the PIX to shun IPs, is there an alternative, or does the communication to the PIX have to be over SSH, which requires 3DES encryption on the PIX?
01-29-2003 07:25 PM
The 4210 can also telnet to the PIX.
01-30-2003 06:39 AM
A few notes...
The sensor can telnet to a PIX only if it connects to the PIX inside interface.
Also, the released sensor software has a bug that prevents telnet connections to version 6.2.1 and later PIXes.
In the current sensor version, only 3DES encryption is supported for SSH sessions.
There is an engineering build available for download from CCO which fixes the telnet bug. Soon this will be replaced by an engineering build that also supports SSH sessions with DES encryption.