
IDS abilities

fregon
Level 1

I'm a little confused on the abilities of an IDS sensor 4210. I understand that it can monitor, report and stop attacks based on signatures. What I'm a little misled on is whether the sensor needs to talk to the PIX when an intrusion is detected to shun the attacker, or whether the Sensor itself shuns the attacker without talking to the PIX.

Thank you

4 Replies

kleem
Cisco Employee

Since the Sensor is not an inline device, it cannot drop the packets.

The Sensor must be configured to manage a PIX (or router). Then, when a signature is triggered, it sends a shun message to the PIX, which then activates the shun.

Thank you for answering my post. I guess my last question would be: when the sensor communicates with the PIX to shun IPs, is there another alternative, or does the communication to the PIX have to be on SSH, which requires 3DES encryption on the PIX?

The 4210 can also telnet to the PIX.

A few notes...

The sensor can telnet to a PIX only if it connects to the PIX inside interface.

Also, the released sensor software has a bug that prevents telnet connections to version 6.2.1 and later PIXes.

In the current sensor version, only 3DES encryption is supported for SSH sessions.

There is an engineering build available for download from CCO which fixes the telnet bug. Soon this will be replaced by an engineering build that also supports SSH sessions with DES encryption.
