IDS: Blocking Configured But Packets Get Thru

tscislaw_2
Level 1

IDS 4210 v3.1

PIX 515UR v6.2(2)

Cisco host IDS v2.5

I've configured the IDS to issue shun commands to the PIX. Manual blocking works ok. I also see the IDS issue blocking on its own during an attack. I can verify this in the PIX.

However, I also see the Cisco host IDS on the target of the attack (web server on DMZ) log and prevent the attack.

That tells me that the IDS/PIX is not stopping all the packets. Right?

My question is: When the IDS detects an attack, should ALL packets be stopped or will the first one/few get through?

Tony

1 Reply

tscislaw_2
Level 1

Never mind.....

I configured the wrong signature for blocking...DOH!