
IDSM2 version 4.1 blocking attacks

nmourtzinos
Level 1

Hello All,

We have set up an IDSM2 version 4.1 on a Cisco Catalyst 6500 switch.

We have configured it using SPAN on specific VLANs, and if we run a port sweep, we can see the alarms on the IDS viewer.

Is it possible to stop any attack by dropping packets/flows or dynamically blocking the source IP address of the attack?

Thanks in advance.

Nikos

2 Replies

Not applicable

When the system detects unauthorized activity, appliances can terminate the specific connection, permanently block the attacking host, log the incident, and send an alert to the IDS manager. Other legitimate connections continue to operate independently without interruption.

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a0080358053.html

abdel_n
Level 1

The IDSM-2, as the IDS sensor, is allowed to initiate blocking to other devices either through IDM or CiscoWorks VMS (IDS MC). For automatic blocking, you just assign block as the eventAction for the desired signature, and the IDSM-2 will push a VACL to the switch.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00801e8181.shtml
