https://community.cisco.com/t5/network-security/block-ares-with-aip-ssm/m-p/869940#M84736 <HTML><HEAD></HEAD><BODY><P>The AIP SSM can operate in one of two modes, such as: </P><P></P><P>Inline mode&#20;This mode places the AIP SSM directly in the traffic flow. You must first pass through and be inspected by the AIP SSM before you can continue through the adaptive security appliance.</P><P></P><P>This mode is the most secure because every packet is analyzed before it is allowed through. Also, the AIP SSM can implement a blocking policy on a packet-by-packet basis. But, this mode can affect throughput. Use the Inline keyword of the ips command in order to specify this mode.</P><P></P><P></P><P>Promiscuous mode&#20;In this mode, a duplicate stream of traffic is sent to the AIP SSM. This mode is less secure. The SSM that operates in promiscuous mode instructs the adaptive security appliance to shun the traffic or resets a connection on the adaptive security appliance in order to block traffic. </P><P></P><P>Also, while the AIP SSM analyzes the traffic, a small amount of traffic possibly passes through the adaptive security appliance before the AIP SSM can block it. Use the Promiscuous keyword of the ips command in order to specify this mode.</P><P></P><P></P></BODY></HTML> Thu, 07 Feb 2008 23:12:26 GMT bwilmoth 2008-02-07T23:12:26Z https://community.cisco.com/t5/network-security/block-ares-with-aip-ssm/m-p/869939#M84732 <P> Hi,</P><P></P><P> One of my costumers has the urgent need to block one p2p application named ares. I searched in the p2p signature database and i found signatures for kazza, gnutella, imesh,etc , but didnt find any reference to this application.</P><P></P><P> Any ideas how can i block ares with an AIP-SSM ?</P><P></P><P>Regards</P> Sun, 10 Mar 2019 10:58:24 GMT https://community.cisco.com/t5/network-security/block-ares-with-aip-ssm/m-p/869939#M84732 rretanag099 2019-03-10T10:58:24Z https://community.cisco.com/t5/network-security/block-ares-with-aip-ssm/m-p/869940#M84736 <HTML><HEAD></HEAD><BODY><P>The AIP SSM can operate in one of two modes, such as: </P><P></P><P>Inline mode&#20;This mode places the AIP SSM directly in the traffic flow. You must first pass through and be inspected by the AIP SSM before you can continue through the adaptive security appliance.</P><P></P><P>This mode is the most secure because every packet is analyzed before it is allowed through. Also, the AIP SSM can implement a blocking policy on a packet-by-packet basis. But, this mode can affect throughput. Use the Inline keyword of the ips command in order to specify this mode.</P><P></P><P></P><P>Promiscuous mode&#20;In this mode, a duplicate stream of traffic is sent to the AIP SSM. This mode is less secure. The SSM that operates in promiscuous mode instructs the adaptive security appliance to shun the traffic or resets a connection on the adaptive security appliance in order to block traffic. </P><P></P><P>Also, while the AIP SSM analyzes the traffic, a small amount of traffic possibly passes through the adaptive security appliance before the AIP SSM can block it. Use the Promiscuous keyword of the ips command in order to specify this mode.</P><P></P><P></P></BODY></HTML> Thu, 07 Feb 2008 23:12:26 GMT https://community.cisco.com/t5/network-security/block-ares-with-aip-ssm/m-p/869940#M84736 bwilmoth 2008-02-07T23:12:26Z