cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3354
Views
0
Helpful
10
Replies

Adding a host IP under trusted host in IDSM

shankar1023
Level 1
Level 1

Could anyone let me know what is the use / impact of adding one host IP in IDSM under - configuration- trusted host? I am trying to add a host IP which is generating legitmate traffic(to exculde this IP from reporting), however, I would like to get more information that what exatctly will happen if I add this

Thank you,

Sankar

10 Replies 10

shankar1023
Level 1
Level 1

Also, It says the below error when adding, please help on this

Well, IPS tries to connect on port 443 by defaut on the target IP address. If it is closed, you'll receive this error.

Alternatively, you can specify the port number in the command.

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta

This isnt the IPS device, its IDSM. also , I am trying to add a trusted host.

Right. The trusted-host should have port 443 open.

Once a trusted-host is added, then for future communication the stored key would be used.

Please have a look at the following link:

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliTasks.html#wp1056053

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta

shankar1023
Level 1
Level 1

Can you please explain me about my initial query

Adding a host as trusted-host does not mean that the traffic from that host won't be analyzed.

If you trust the traffic from a source IP, do you see any false alerts being generated ?

Thanks & Regards, Sawan Gupta

the traffic is not a false positive. I want to add the source/destination to the exclusion list so that I should not get this alrert from next time.My requirement it tell the IDSM to trust the traffic and do not declare it as malacious

Could you please tell us more about the network topology.

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta

The network topology is very simple, we have server forms connected via an IDSM which is acting as NIDS. it is detecting the malacious traffic on singnature based. I got a alert that one of the server is receving the SQL injection attack from an internet IP and I checked with the server owner and he confirmed that the traffic from the internet  IP is legitimate. so I want to exclude this IP from the NIDS so that I will not get this alert from next time.

Hi,

This case please disable the signature which is givinge alert.or tune the signature for ur server.

Regards

Rajeswar

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: