https://community.cisco.com/t5/network-security/idsm2-version-4-1-blocking-attacks/m-p/500416#M91452 <P>Hello All,</P><P></P><P>We have set up a IDSM2 version 4.1 on a Cisco Catalyst 6500 switch.</P><P></P><P>We have configured it using SPAN on specific vlans and if we run a port sweep, we can see the alarms on the IDS viewer.</P><P></P><P>It is possible to stop any attack by dropping packets/ flows or blocking dynamically the source ip address of the attack ?</P><P></P><P>Thanks in advance.</P><P></P><P>Nikos</P><P></P> Sun, 10 Mar 2019 09:41:12 GMT nmourtzinos 2019-03-10T09:41:12Z https://community.cisco.com/t5/network-security/idsm2-version-4-1-blocking-attacks/m-p/500416#M91452 <P>Hello All,</P><P></P><P>We have set up a IDSM2 version 4.1 on a Cisco Catalyst 6500 switch.</P><P></P><P>We have configured it using SPAN on specific vlans and if we run a port sweep, we can see the alarms on the IDS viewer.</P><P></P><P>It is possible to stop any attack by dropping packets/ flows or blocking dynamically the source ip address of the attack ?</P><P></P><P>Thanks in advance.</P><P></P><P>Nikos</P><P></P> Sun, 10 Mar 2019 09:41:12 GMT https://community.cisco.com/t5/network-security/idsm2-version-4-1-blocking-attacks/m-p/500416#M91452 nmourtzinos 2019-03-10T09:41:12Z https://community.cisco.com/t5/network-security/idsm2-version-4-1-blocking-attacks/m-p/500417#M91454 <HTML><HEAD></HEAD><BODY><P>When the system detects unauthorized activity, appliances can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to the IDS manager. Other legitimate connections continue to operate independently without interruption. </P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a0080358053.html" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a0080358053.html</A></P></BODY></HTML> Tue, 18 Oct 2005 15:25:32 GMT https://community.cisco.com/t5/network-security/idsm2-version-4-1-blocking-attacks/m-p/500417#M91454 2005-10-18T15:25:32Z https://community.cisco.com/t5/network-security/idsm2-version-4-1-blocking-attacks/m-p/500418#M91456 <HTML><HEAD></HEAD><BODY><P>The IDSM-2 as the IDS sensor is allowed to initiate blocking to other devices either through IDM or CiscoWorks VMS (IDS MC), for automatic blocking you just assign block as eventAction for the desired signature and the IDSM-2 will push an VACL to the switch.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00801e8181.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00801e8181.shtml</A></P><P></P></BODY></HTML> Tue, 18 Oct 2005 18:16:13 GMT https://community.cisco.com/t5/network-security/idsm2-version-4-1-blocking-attacks/m-p/500418#M91456 abdel_n 2005-10-18T18:16:13Z