Re: MARS mitigation: can not push to pix

s.buskus · ‎11-02-2005

I just installed MARS 4.1 to monitor IDS (4.0), PIX (6.3.3) and several internal switches. Everything seems ok but the mitigation. It appears if the mitigation suggestion is a switch, the PUSH botton is activated, but if the PIX is the suggested solution, the PUSH button is not activated.

The PIX is configured with SSH. I verified the passwords and snmp string. Still same problem. Anyone have any ideas?

Thanks,

mchin345 · ‎11-08-2005

sure that all the L2 devices have the SNMP RO community strings specified in the HTML interface for L2 mitigation, even if the access type is not SNMP. (See Mitigation, page 18-6 for more information on mitigating an attack.)

The SNMP RO community string is always required on Layer 2 devices for L2 mitigation. L2 devices must be added manuallythere is no automatic discovery for these device.

CS-MARS does not discover L2 devices automatically as it does with L3 devices.

JOSH GANT · ‎11-18-2005

PIX would be a L3 device. I am having the same problem. Bump.

s.buskus · ‎11-18-2005

Too bad Mars does not push to L3 devices. I hear they are plaaning to put it into future releases.

JOSH GANT · ‎11-18-2005

So even though it offers the shun command it will not push to the PIX? That doesn't sound right - did you talk with TAC on this? TIA.

s.buskus · ‎11-18-2005

Yes, I had a TAC case. It is also in the documentation. I didn't see the fine print. Mars will only push to L2 not L3.