
New Member

IDS abilities

I'm a little confused on the abilities of an IDS sensor 4210. I understand that it can monitor, report and stop attacks based on signatures. Where I'm a little misled is whether the sensor needs to talk to the PIX when an intrusion is detected to shun the attacker, or whether the Sensor itself shuns the attacker without talking to the PIX.

Thank you

  • Other Security Subjects
Cisco Employee

Re: IDS abilities

Since the Sensor is not an inline device, it cannot drop the packets.

The Sensor must be configured to manage a PIX (or router). Then, when a signature is triggered, it sends a shun message to the PIX, which then activates the shun.

New Member

Re: IDS abilities

Thank you for answering my post. I guess my last question would be: when the sensor communicates with the PIX to shun IPs, is there another alternative, or does the communication to the PIX have to be over SSH, which requires 3DES encryption on the PIX?

Re: IDS abilities

The 4210 can also telnet to the PIX.

Cisco Employee

Re: IDS abilities

A few notes...

The sensor can telnet to a PIX only if it connects to the PIX inside interface.

Also, the released sensor software has a bug that prevents telnet connections to version 6.2.1 and later PIXes.

In the current sensor version, only 3DES encryption is supported for SSH sessions.

There is an engineering build available for download from CCO which fixes the telnet bug. Soon this will be replaced by an engineering build that also supports SSH sessions with DES encryption.
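To make the mechanism described in this thread concrete, here is an added PIX 6.x configuration fragment (not posted by anyone in the thread, and not the sensor's own generated output) showing the PIX side of a sensor-driven shun: management access for the sensor restricted to the inside interface, the shun entry the sensor pushes when a signature fires, and the commands an operator uses to verify and clear it. The sensor management address 10.1.1.5, the offending source 192.0.2.10 and the hostname are constructed placeholders; lines beginning with `:` are comments.

```cisco
: Constructed PIX 6.x fragment; addresses and names are placeholders.
hostname pix
domain-name example.com
enable password <enable-password>
passwd <telnet-login-password>

: Telnet from the sensor is only possible on the inside interface, as the thread notes.
: Only the sensor's management host is permitted, not a whole subnet.
telnet 10.1.1.5 255.255.255.255 inside

: SSH is the preferred path; it needs an RSA key and, in the sensor release
: discussed above, the 3DES license on the PIX.
ca generate rsa key 1024
ca save all
ssh 10.1.1.5 255.255.255.255 inside
ssh timeout 15

: This is the command the sensor issues once a signature triggers. The PIX,
: not the sensor, enforces it: new connections from this source are dropped.
shun 192.0.2.10

: Operational checks: list active shuns, and remove the entry once the
: incident is closed so a spoofed or shared address is not blocked indefinitely.
show shun
no shun 192.0.2.10
```

Because the sensor is passive, a shun is only as good as the sensor's ability to log in to the PIX; monitoring the sensor's management connection to the firewall (and reviewing `show shun` periodically) is what tells you whether blocking is actually happening.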
