Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
373
Views
5
Helpful
1
Replies

IPS-Mode Vs. IDS-Mode with Shunning

haithamnofal
Level 3
Level 3

‎06-05-2007 03:00 AM - edited ‎03-10-2019 03:38 AM

Hi,

I would like to ask about any possible limitations for an IDS configured for shunning connections by integrating with a Cisco ASA; I have the following questions in this regard:

1- Is it the particular malicious traffic which will be blocked, or the complete IP address and port number from which the attack is received which will be blocked?

2- How long will the ACL added for shunning remain in the ASA config?

3- Will the first packet reach to the victim, and if so what would be the implications?

4- Are there any advantages for the IPS mode over the IDS mode?

Regards,

Haitham

Labels:
0 Helpful
1 Reply 1

m.sir
Level 7
Level 7

‎06-05-2007 05:44 AM

1) You can specify two block actions on IPS

1a) Request Block Host (sensor blocks all traffic from the host that triggered the signature)

1b) Request Block Connection (blocks only traffic from the host to the destination port of the traffic that triggered the signature

2)You can specify "block time" on IPS - The default blocking duration is 30 minutes

3)Because IDS is outside of the forwarding path, one or more attack packets might reach the target before the response action can be activated ... How is it serious??? It depends for some attacks its no problem BUT IDS cannot stop fox example Atomic attacks that use only one packet for the attack

4) Its INLINE function - IPS is Positioned directly in the packet-forwarding path as a Layer 2 bridge Analyzes data as it travels

between two interfaces.

IPS also has Aplication level inspection

and Risk rating features what IDS hasnt

M.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card