Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
769
Views
0
Helpful
3
Replies

IDSM handling IP Spoofing

szekahungdanny
Level 1
Level 1

‎12-02-2010 10:25 PM - edited ‎03-10-2019 05:12 AM

anyone know IDSM could detect IP Spoofing ?

currently, we have set mirroring entire vlan traffic into IDSM. All workstations under same VLAN.

Within the VLAN, always having duplicated IP happened. and we concern is it IP spoffing happened on the network.

I try to simulate the situation...We set 2 workstaions with same IPs but different MAC addresses.

Normally, pc would get duplicated IP address conflict. Would IDSM could sense this? However, I fail to get any event for this in IDSM.

Any suggestion to simulate the situation? and did IDSM support detecting IP Spoofing?        

Labels:
0 Helpful
3 Replies 3

mirober2
Cisco Employee
Cisco Employee

‎12-09-2010 11:39 AM

Hello,

I would suggest moving this question over to the IPS/IDS community, the experts there will have a better answer for you:

https://supportforums.cisco.com/community/netpro/security/intrusion-prevention

You can also check the product documentation here:

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps5058/tsd_products_support_model_home.html

-Mike

0 Helpful

szekahungdanny
Level 1
Level 1
In response to mirober2

‎12-14-2010 02:41 AM

Any update?

0 Helpful

Christopher Dreier
Level 3
Level 3

‎02-07-2011 11:44 AM

Hello szekahungdanny,

This would require the IDSM-2 to maintain a table of IP/MAC correlation. This is not a function of the IDSM. What you are looking for is the ip source guard feature of the Catalyst switches: http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/ipsrcgrd.html

Please let me know if I can help you with anything further within the context of this thread. If your question has been Answered, please mark the thread as such so that it will be helpful to other users. Also, please feel free to Rate this thread to reflect your experience.

Thank you,
Blayne Dreier
Cisco TAC Escalation Team

**Please check out our Podcasts**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
TAC IPS Media Series: https://supportforums.cisco.com/docs/DOC-12758

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card