06-19-2003 06:00 PM - edited 03-09-2019 03:45 AM
Is it currently possible to shun the Destination IP of an alarm?
For example, if one of my users tries to open a Kazaa session with a remote site, alarm 11005 fires. In this case the user is the source and the Kazaa server is the destination. Currently I send a reset, but actually I'd like to temporarily shun the destination of the Kazaa GET request to limit the functionality of Kazaa as much as possible. I don't want to shun the source, since I only want to block the user's Kazaa activity, not all internet activity. So is there any way to modify the shun functionality to shun the DESTINATION of the attack instead of the source for this alarm?
If I can't change the shun methodology, is it possible to modify the signature to reverse the source & destination IP in the signatures so that the shun will take the effect I want?
As a side thought, it'd be exceptionally cool if an IDS sensing outside a PIX could do a port/IP lookup in the PIX (via its inside control interface) to give the true client IP address of clients being NATed through the PIX.
Thanks!
06-19-2003 06:05 PM
You could turn FlipAddr on; that would flip the source and dest IP sent to managed/nac.
07-16-2003 10:21 AM
But the shun command has still been the same...
This only modified the event message.