Cisco Support Community

IDS: Blocking Configured But Packets Get Thru

IDS 4210 v3.1

PIX 515UR v6.2(2)

Cisco host IDS v2.5

I've configured the IDS to issue shun commands to the PIX. Manual blocking works OK. I also see the IDS issue blocking on its own during an attack. I can verify this in the PIX.

However, I also see the Cisco host IDS on the target of the attack (web server on DMZ) log and prevent the attack.

That tells me that the IDS/PIX is not stopping all the packets. Right?

My question is: When the IDS detects an attack, should ALL packets be stopped or will the first one/few get through?

Tony

1 REPLY

Re: IDS: Blocking Configured But Packets Get Thru

Never mind.....

I configured the wrong signature for blocking...DOH!
