1) Yes. All Cisco IDS/IPS devices can block(shun) using Pix firewalls, IOS devices and some switches.2) External blocking is done by ssh (or telnet) from the sensor to the external device and issuing commands (block host on Pix) or making changes (...
With IDS appliances, I am using SPAN/port mirroring to capture the traffic. With IPS4240, I can use either promiscuous mode or inline mode. CS> The capabilities of a Cisco appliance (4215/4235/4240) are more dependant on code version than product typ...
Say you have a 3 vlans you want to do IPS inspection on (1,2, and 3) and that you connected those vlans into the network using new vlans (11, 21 and 31) where 1 is bridged to 11 and 2 to 21 and 3 to 31 using IPS. Now if you had 4 sensors that were a...
IPS certainly has the capability to look at and track TTL in connections. It does this by default in the normalizer engine (and modifies the TTL field as required). Not real sure how inspecting TTL can help track people sharing their connections.