Solved

IDS Attacks response

Posted on 2004-09-01
Last Modified: 2010-04-09
Hi

I have an IDS configured in the network. I'm using the IEV monitor and I'm able to see the attacks by their IP address,
but I want to know the action that has been taken to prevent these attacks?

Thanks


Question by:ibmas4002
9 Comments
 
LVL 18

Expert Comment

by:liddler
ID: 11953479
If you have a router with ACLs (Access Control Lists) or a firewall, you can block the specific IP addresses. You can also use RIPE to find out the abuse address for their netblock and report their abuse, and get them dropped by their ISP.
0
 
LVL 2

Author Comment

by:ibmas4002
ID: 11955573
Thanks Liddler

I have event viewer installed, and I also configured the blocking device, but the signatures are showing nothing in the actions.

So do I need to configure it manually to take the actions?

Thanks
0
 
LVL 18

Expert Comment

by:liddler
ID: 11955951
Sorry, I don't know IEV, you'll have to look at the Cisco? docs
0

 
LVL 23

Expert Comment

by:Tim Holman
ID: 11956180
Configure the network IDS with an active port that it can send TCP RST packets to and/or actively modify the upstream router ACL.
Alternatively, buy an inline IPS - Intrusion Prevention System, which will do all this for you...
0
 
LVL 2

Author Comment

by:ibmas4002
ID: 11957489
Hi tim_holman

Can you explain how to configure the IDS for the TCP RST flag?

Thanks
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11957658
What's the exact make and model of your NIDS, and what do you use to manage it?
0
 
LVL 2

Author Comment

by:ibmas4002
ID: 11960132
I have a 4215 and it's connected to the external switch.
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 750 total points
ID: 11961693
Does the external switch support ACLs?
The way you'd normally set these up would be:

Internet
|
Router
|
IDS
|
Internal network

..and if the IDS detects anything odd then configure it to modify the router's ACL.

It cannot directly prevent attacks, although it can send RST packets to the originator to reset the session, but then why bother communicating back to the source - just block it with the ACL.

Instructions using IDSM are here:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c83.html

Look under Configuring Blocking:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c83.html#32394
0
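The flow described in the accepted answer (the IDS detects, then the router's ACL is updated) sketched as an added example; it is not code from the thread or from Cisco. The alert line format, the addresses, the severity and repeat thresholds, and ACL number 150 are assumptions, and the never-block list is there because an automatic block driven by a spoofed source address can cut off your own hosts.

```python
import ipaddress
from collections import Counter

# Constructed sample alerts (not real IEV output):
# "timestamp severity signature_id source destination"
SAMPLE_ALERTS = """\
2004-09-01T10:00:01 high 3030 203.0.113.45 192.0.2.10
2004-09-01T10:00:02 high 3030 203.0.113.45 192.0.2.11
2004-09-01T10:00:05 low 2004 198.51.100.7 192.0.2.10
2004-09-01T10:00:09 high 5081 192.0.2.1 192.0.2.10
2004-09-01T10:00:12 high 3030 203.0.113.45 192.0.2.12
2004-09-01T10:00:15 medium 3215 198.51.100.99 192.0.2.10
not-an-alert-line
"""

# Never block these: a spoofed source must not make the sensor cut off
# the router, the sensor or the protected network (assumed addresses).
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]
BLOCK_SEVERITIES = {"high"}   # assumed policy: only high-severity alerts block
MIN_ALERTS = 2                # assumed policy: require repeated hits

def hosts_to_block(alert_text):
    """Return the sorted source addresses that meet the blocking policy."""
    hits = Counter()
    for line in alert_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[1] not in BLOCK_SEVERITIES:
            continue  # malformed line or severity below the threshold
        try:
            src = ipaddress.ip_address(fields[3])
        except ValueError:
            continue  # source field is not an IP address
        if any(src in net for net in NEVER_BLOCK):
            continue  # protected address: alert only, never block
        hits[src] += 1
    return sorted(ip for ip, count in hits.items() if count >= MIN_ALERTS)

def build_acl(hosts, acl_number=150):
    """Render IOS-style extended ACL lines: deny each host, permit the rest."""
    lines = [f"access-list {acl_number} deny ip host {ip} any" for ip in hosts]
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines

if __name__ == "__main__":
    print("\n".join(build_acl(hosts_to_block(SAMPLE_ALERTS))))
```
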
 
LVL 2

Author Comment

by:ibmas4002
ID: 11994870
Thanks tim_holman

It's useful
0


Question has a verified solution.
