MARS mitigation: can not push to pix
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-02-2005 07:45 AM - edited 02-21-2020 12:30 AM
I just installed MARS 4.1 to monitor IDS (4.0), PIX (6.3.3) and several internal switches. Everything seems ok but the mitigation. It appears if the mitigation suggestion is a switch, the PUSH botton is activated, but if the PIX is the suggested solution, the PUSH button is not activated.
The PIX is configured with SSH. I verified the passwords and snmp string. Still same problem. Anyone have any ideas?
Thanks,
- Labels:
-
Other Network Security Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2005 07:55 AM
sure that all the L2 devices have the SNMP RO community strings specified in the HTML interface for L2 mitigation, even if the access type is not SNMP. (See Mitigation, page 18-6 for more information on mitigating an attack.)
The SNMP RO community string is always required on Layer 2 devices for L2 mitigation. L2 devices must be added manuallythere is no automatic discovery for these device.
CS-MARS does not discover L2 devices automatically as it does with L3 devices.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2005 11:30 AM
PIX would be a L3 device. I am having the same problem. Bump.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2005 12:42 PM
Too bad Mars does not push to L3 devices. I hear they are plaaning to put it into future releases.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2005 12:55 PM
So even though it offers the shun command it will not push to the PIX? That doesn't sound right - did you talk with TAC on this? TIA.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2005 02:12 PM
Yes, I had a TAC case. It is also in the documentation. I didn't see the fine print. Mars will only push to L2 not L3.
