Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
0
Helpful
1
Replies

IDS Configuration

c.cochin
Level 1
Level 1

‎01-30-2004 11:28 PM - edited ‎03-09-2019 06:17 AM

One packet which contains a worm and the traffic is a legitmate one , hence my Firewall allowed the packet.My IDS detected the maliciousy activity and it is alarmed. I want automatically there should an ACL has to be formed in my Firewall/Router. How this scenario practically configured by using event viewer/IDS Manager. Pls explain.

Labels:
0 Helpful
1 Reply 1

awaheed
Cisco Employee
Cisco Employee

‎01-31-2004 02:51 PM

Hi Cochin,

You can use the shunning feature to get this done

Configuring Blocking using IDM:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/idmiev/swchap3.htm#593299

Additionally, shunning can be configured on PIX aswell:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#1026366

hope this helps,

Regards,

Aamir

-=-=-

0 Helpful
Customers Also Viewed These Support Documents