cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
612
Views
0
Helpful
3
Replies

IDS and Firewall ?

vikrantarora
Level 1
Level 1

I am new to cisco ids. our company already has an IDS blade in the cat 6509 switch.

We also have pix but there I was told that PIX is Vulnerable to the following attacks:

UDP Flood

IP Range Scan

DoS/DDoS

HTTP attacks spanning multiple attacks

1. Can I take care of these with IDS?

2. Can the IDS act like a firewall in case of an attack? or can IDS be used as a firewall in general?

Thanks

vik

3 Replies 3

sghosh
Level 1
Level 1

Hi,

IDS can help you in detecting these type of attacks and not act like a firewall.

It can do a TCP reset on the session or do Shunning (applying a ACL) on the perimeter router to stop certain ip addresses for some types of attacks.

Thanks

Sujit

Hi,

Whats the effectiveness of TCP reset action in the IDS 4210 sensor. I tried configuring many TCP signatures with action = reset. I am getting the alarms in the event viewer but the session never gets terminated. Can anybody give me an example on simulating any signature with TCP reset action. I donot want to configure shunning or blocking on PIX/Routers.

Thanks

Avi

How is your sensors sniffing interface connected to the network?

If you are connected to a switch and using SPAN to see the traffic you need to enable inpkts so that the switch will accept the TCP reset packets from the sensor.

If you show port mac for the port the sniffing interface is connected to you should see the number of packets received going up by 200 every time the sensor sends reset packets.