https://community.cisco.com/t5/network-security/idsm-handling-ip-spoofing/m-p/1569435#M66035 <HTML><HEAD></HEAD><BODY><P>Hello szekahungdanny,</P><P></P><P><SPAN>This would require the IDSM-2 to maintain a table of IP/MAC correlation. This is not a function of the IDSM. What you are looking for is the ip source guard feature of the Catalyst switches: </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/ipsrcgrd.html">http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/ipsrcgrd.html</A></P><P></P><P>Please let me know if I can help you with anything further within the context of this thread. If your question has been Answered, please mark the thread as such so that it will be helpful to other users. Also, please feel free to Rate this thread to reflect your experience.</P><P></P><P>Thank you,<BR />Blayne Dreier<BR />Cisco TAC Escalation Team</P><P></P><P>**Please check out our Podcasts**<BR /><SPAN>TAC Security Show: </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/go/tacsecuritypodcast">http://www.cisco.com/go/tacsecuritypodcast</A><BR /><SPAN>TAC IPS Media Series: </SPAN><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-12758">https://supportforums.cisco.com/docs/DOC-12758</A></P></BODY></HTML> Mon, 07 Feb 2011 19:44:49 GMT Christopher Dreier 2011-02-07T19:44:49Z https://community.cisco.com/t5/network-security/idsm-handling-ip-spoofing/m-p/1569432#M66032 <P>anyone know IDSM could detect IP Spoofing ?</P><P>currently, we have set mirroring entire vlan traffic into IDSM. All workstations under same VLAN.</P><P>Within the VLAN, always having duplicated IP happened. and we concern is it IP spoffing happened on the network.</P><P></P><P>I try to simulate the situation...We set 2 workstaions with same IPs but different MAC addresses.</P><P>Normally, pc would get duplicated IP address conflict. Would IDSM could sense this? However, I fail to get any event for this in IDSM.</P><P></P><P>Any suggestion to simulate the situation? and did IDSM support detecting IP Spoofing?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Sun, 10 Mar 2019 12:12:02 GMT https://community.cisco.com/t5/network-security/idsm-handling-ip-spoofing/m-p/1569432#M66032 szekahungdanny 2019-03-10T12:12:02Z https://community.cisco.com/t5/network-security/idsm-handling-ip-spoofing/m-p/1569433#M66033 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I would suggest moving this question over to the IPS/IDS community, the experts there will have a better answer for you:</P><P></P><P><A class="jive-link-community-small" href="https://community.cisco.com/community/netpro/security/intrusion-prevention">https://supportforums.cisco.com/community/netpro/security/intrusion-prevention</A></P><P></P><P>You can also check the product documentation here:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/hw/modules/ps2706/ps5058/tsd_products_support_model_home.html">http://www.cisco.com/en/US/products/hw/modules/ps2706/ps5058/tsd_products_support_model_home.html</A></P><P></P><P>-Mike</P></BODY></HTML> Thu, 09 Dec 2010 19:39:02 GMT https://community.cisco.com/t5/network-security/idsm-handling-ip-spoofing/m-p/1569433#M66033 mirober2 2010-12-09T19:39:02Z https://community.cisco.com/t5/network-security/idsm-handling-ip-spoofing/m-p/1569434#M66034 <HTML><HEAD></HEAD><BODY><P>Any update?</P></BODY></HTML> Tue, 14 Dec 2010 10:41:37 GMT https://community.cisco.com/t5/network-security/idsm-handling-ip-spoofing/m-p/1569434#M66034 szekahungdanny 2010-12-14T10:41:37Z https://community.cisco.com/t5/network-security/idsm-handling-ip-spoofing/m-p/1569435#M66035 <HTML><HEAD></HEAD><BODY><P>Hello szekahungdanny,</P><P></P><P><SPAN>This would require the IDSM-2 to maintain a table of IP/MAC correlation. This is not a function of the IDSM. What you are looking for is the ip source guard feature of the Catalyst switches: </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/ipsrcgrd.html">http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/ipsrcgrd.html</A></P><P></P><P>Please let me know if I can help you with anything further within the context of this thread. If your question has been Answered, please mark the thread as such so that it will be helpful to other users. Also, please feel free to Rate this thread to reflect your experience.</P><P></P><P>Thank you,<BR />Blayne Dreier<BR />Cisco TAC Escalation Team</P><P></P><P>**Please check out our Podcasts**<BR /><SPAN>TAC Security Show: </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/go/tacsecuritypodcast">http://www.cisco.com/go/tacsecuritypodcast</A><BR /><SPAN>TAC IPS Media Series: </SPAN><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-12758">https://supportforums.cisco.com/docs/DOC-12758</A></P></BODY></HTML> Mon, 07 Feb 2011 19:44:49 GMT https://community.cisco.com/t5/network-security/idsm-handling-ip-spoofing/m-p/1569435#M66035 Christopher Dreier 2011-02-07T19:44:49Z