12-02-2010 10:25 PM - edited 03-10-2019 05:12 AM
anyone know IDSM could detect IP Spoofing ?
currently, we have set mirroring entire vlan traffic into IDSM. All workstations under same VLAN.
Within the VLAN, always having duplicated IP happened. and we concern is it IP spoffing happened on the network.
I try to simulate the situation...We set 2 workstaions with same IPs but different MAC addresses.
Normally, pc would get duplicated IP address conflict. Would IDSM could sense this? However, I fail to get any event for this in IDSM.
Any suggestion to simulate the situation? and did IDSM support detecting IP Spoofing?
12-09-2010 11:39 AM
Hello,
I would suggest moving this question over to the IPS/IDS community, the experts there will have a better answer for you:
https://supportforums.cisco.com/community/netpro/security/intrusion-prevention
You can also check the product documentation here:
http://www.cisco.com/en/US/products/hw/modules/ps2706/ps5058/tsd_products_support_model_home.html
-Mike
12-14-2010 02:41 AM
Any update?
02-07-2011 11:44 AM
Hello szekahungdanny,
This would require the IDSM-2 to maintain a table of IP/MAC correlation. This is not a function of the IDSM. What you are looking for is the ip source guard feature of the Catalyst switches: http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/ipsrcgrd.html
Please let me know if I can help you with anything further within the context of this thread. If your question has been Answered, please mark the thread as such so that it will be helpful to other users. Also, please feel free to Rate this thread to reflect your experience.
Thank you,
Blayne Dreier
Cisco TAC Escalation Team
**Please check out our Podcasts**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
TAC IPS Media Series: https://supportforums.cisco.com/docs/DOC-12758
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide