Time to Shun

mchoudhury
Level 1

I'm using a 4230 IDS F/E Sensor to detect and shun SMTP traffic with specific contents. I find that the shunning works but cannot prevent sessions with small payload, say 40-50 KB. Is there any way I can control the response time for the shun to work quicker and stop the current traffic?

1 Reply

stleary
Cisco Employee

Here are some hints for improving the time to shun. These are based on the fact that IDS uses a sequence of commands to shun on a router. Anything that reduces the number of commands sent should slightly improve the time to shun. Even in the best circumstances, it will still take a finite period of time, probably on the order of 1 - 3 seconds, for a shun to take effect.

1. Use a router that is sufficiently fast. Some smaller routers (e.g. 1605) take a long time to commit configurations.

2. Configure the sensor to control 1 interface on 1 router.

3. Do not configure the sensor to apply pre-shun ACLs or post-shun ACLs on that interface.

4. Minimize the number of always shun addresses.

5. Try to avoid large numbers of simultaneously active shuns.
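The reply above explains the race: the sensor pushes a sequence of commands to the router, and a 40-50 KB SMTP message can finish transferring before the resulting ACL is active. The following is an added worked example, not code from the thread or from Cisco; it is a back-of-envelope model of that race. The command count, per-command time and commit time are assumed, illustrative values, not measurements of any sensor or router. It shows why a small payload slips through and what payload size a 1 - 3 second shun could actually interrupt on a given link.

```python
"""Added example (not from the original thread): a simple model of why small
SMTP sessions complete before a router-based shun takes effect.

Every numeric value in this file is an assumption for illustration, not a
measured figure for any Cisco IDS sensor or router.
"""


def time_to_shun(n_commands: int, per_command_s: float, commit_s: float) -> float:
    """Estimated seconds from detection to the shun ACL being active.

    Models the reply's point that the sensor sends a *sequence* of commands:
    each extra command (pre-/post-shun ACLs, extra interfaces, always-shun
    entries) adds latency on top of the router's configuration commit time.
    """
    return n_commands * per_command_s + commit_s


def bytes_before_shun(link_bps: float, shun_s: float) -> float:
    """Bytes one flow can move at full link rate before the shun lands."""
    return link_bps / 8 * shun_s


def session_interrupted(payload_bytes: int, link_bps: float, shun_s: float) -> bool:
    """True if the session still has data in flight when the shun takes effect.

    A session is only stopped if it needs more time than the shun does; a
    payload that fits within bytes_before_shun() is already delivered.
    """
    return payload_bytes > bytes_before_shun(link_bps, shun_s)


def smallest_catchable_payload(link_bps: float, shun_s: float) -> int:
    """Smallest payload (bytes) that would still be in flight when the shun lands."""
    return int(bytes_before_shun(link_bps, shun_s)) + 1


if __name__ == "__main__":
    # Assumed link speeds (bits/s) and the 1 - 3 s shun window from the reply.
    links = {"T1 (1.544 Mbps)": 1_544_000, "10 Mbps Ethernet": 10_000_000}
    payload = 50 * 1024  # the ~50 KB SMTP message from the question

    # Assumed command counts: a bare shun vs. one with pre-/post-shun ACLs.
    lean = time_to_shun(n_commands=4, per_command_s=0.25, commit_s=0.5)
    verbose = time_to_shun(n_commands=8, per_command_s=0.25, commit_s=0.5)
    print(f"assumed time to shun: lean={lean:.2f}s, with extra ACLs={verbose:.2f}s")

    for name, bps in links.items():
        for shun_s in (1.0, 3.0):
            slipped = bytes_before_shun(bps, shun_s)
            caught = session_interrupted(payload, bps, shun_s)
            print(
                f"{name}, shun {shun_s:.0f}s: {slipped/1024:,.0f} KB pass before "
                f"the ACL is active; 50 KB message interrupted: {caught}; "
                f"smallest interruptible payload: "
                f"{smallest_catchable_payload(bps, shun_s)/1024:,.0f} KB"
            )
```

Run stand-alone it prints, for each assumed link and shun window, how much data escapes before the ACL is active. On a T1 a 1 s shun lets roughly 188 KB through, so a 50 KB message is fully delivered; only payloads larger than that would be cut off, which is why the tuning hints in the reply shave latency but cannot make a shun stop a transfer that finishes in well under a second.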